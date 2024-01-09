Duth incident response provider Hunt & Hackett accused the Turkey-linked cyberespionage group Sea Turtle of targeting public and private sector organizations in the Netherlands for the past year. Hunt & Hackett reported that the APT actor primarily targeted telecommunications companies and internet service providers, as well as Kurdish and PKK-affiliated websites. The Dutch firm assessed that Sea Turtle likely sought to collect personal information on users that supported minority or political opposition groups relevant to Turkey. Cisco Talos first discovered the APT in 2019 when Sea Turtle actors conducted a DNS hijacking campaign that impacted 40 organizations across 13 countries. Last month, PwC published a comprehensive review of the APT group’s ‘SnappyTCP’ reverse shell for Linux/Unix systems. SnappyTCP is publicly available on a GitHub repository alongside other proof-of-concept exploit code, although it remains unclear whether Sea Turtle controls the GitHub account.

