
Sea Turtle

aka: COSMIC WOLF, Marbled Dust, SILICON, Teal Kurma, UNC1326

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign, we are concerned that the success of this operation will lead to actors more broadly attacking the global DNS system. DNS is a foundational technology supporting the Internet. Manipulating that system has the potential to undermine the trust users have in the internet. That trust and the stability of the DNS system as a whole drive the global economy. Responsible nations should avoid targeting this system, work together to establish an accepted global norm that this system and the organizations that control it are off-limits, and cooperate in pursuing those actors who act irresponsibly by targeting this system.


Associated Families

There are currently no families associated with this actor.


References
2022-02-16 | CrowdStrike | CrowdStrike | Global Threat Report 2022
@techreport{crowdstrike:20220216:global:755868e, author = {CrowdStrike}, title = {{Global Threat Report 2022}}, date = {2022-02-16}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2022GTR.pdf}, language = {English}, urldate = {2022-02-19} }
Sea Turtle
2021-10 | Microsoft | Microsoft | Microsoft Digital Defense Report
@online{microsoft:202110:microsoft:a6643ed, author = {Microsoft}, title = {{Microsoft Digital Defense Report}}, date = {2021-10}, organization = {Microsoft}, url = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi?id=101738}, language = {English}, urldate = {2023-08-11} }
Sea Turtle
2021-02-28 | PWC UK | PWC UK | Cyber Threats 2020: A Year in Retrospect
@techreport{uk:20210228:cyber:bd780cd, author = {PWC UK}, title = {{Cyber Threats 2020: A Year in Retrospect}}, date = {2021-02-28}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf}, language = {English}, urldate = {2021-03-04} }
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2020-03-03 | PWC UK | PWC UK | Cyber Threats 2019: A Year in Retrospect
@techreport{uk:20200303:cyber:1f1eef0, author = {PWC UK}, title = {{Cyber Threats 2019: A Year in Retrospect}}, date = {2020-03-03}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf}, language = {English}, urldate = {2020-03-03} }
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-02-25 | Tilting at Windmills | Andreas Sfakianakis | On Sea Turtle campaign targeting Greek governmental organisations
@online{sfakianakis:20200225:sea:7086264, author = {Andreas Sfakianakis}, title = {{On Sea Turtle campaign targeting Greek governmental organisations}}, date = {2020-02-25}, organization = {Tilting at Windmills}, url = {https://threatintel.eu/2020/02/25/on-sea-turtle-campaign-targeting-greek-governmental-organisations-timeline}, language = {English}, urldate = {2023-08-11} }
Sea Turtle
2020-02-06 | DomainTools | Chad Anderson | Finding Additional Indicators With a SeaTurtle Deep Dive in Passive DNS Within DomainTools Iris
@online{anderson:20200206:finding:e86ebd1, author = {Chad Anderson}, title = {{Finding Additional Indicators With a SeaTurtle Deep Dive in Passive DNS Within DomainTools Iris}}, date = {2020-02-06}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/finding-additional-indicators-with-passive-dns-within-domaintools-iris}, language = {English}, urldate = {2023-08-11} }
Sea Turtle
2020-01-27 | Reuters | Jack Stubbs, Christopher Bing, Joseph Menn | Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks - sources
@online{stubbs:20200127:exclusive:96b400c, author = {Jack Stubbs and Christopher Bing and Joseph Menn}, title = {{Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks - sources}}, date = {2020-01-27}, organization = {Reuters}, url = {https://www.reuters.com/article/us-cyber-attack-hijack-exclusive/exclusive-hackers-acting-in-turkeys-interests-believed-to-be-behind-recent-cyberattacks-sources-idUSKBN1ZQ10X}, language = {English}, urldate = {2023-08-11} }
Sea Turtle
2019-11-07 | Virus Bulletin | Warren Mercer, Paul Rascagnères | DNS on Fire
@online{mercer:20191107:dns:cd6b2d9, author = {Warren Mercer and Paul Rascagnères}, title = {{DNS on Fire}}, date = {2019-11-07}, organization = {Virus Bulletin}, url = {https://www.youtube.com/watch?v=ws1k44ZhJ3g}, language = {English}, urldate = {2023-08-11} }
DNSpionage Sea Turtle
2019-11-07 | Virus Bulletin | Warren Mercer, Paul Rascagnères | DNS on Fire
@techreport{mercer:20191107:dns:fd516d8, author = {Warren Mercer and Paul Rascagnères}, title = {{DNS on Fire}}, date = {2019-11-07}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/magazine/2019/VB2019-Mercer-Rascagneres.pdf}, language = {English}, urldate = {2023-08-11} }
DNSpionage Sea Turtle
2019-07-09 | Cisco Talos | Paul Rascagnères | Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
@online{rascagnres:20190709:sea:508ca73, author = {Paul Rascagnères}, title = {{Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques}}, date = {2019-07-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/sea-turtle-keeps-on-swimming}, language = {English}, urldate = {2023-08-11} }
Sea Turtle
2019-05-21 | ICANN | David Huberman | ATLAS III Webinar 5: Cybersecurity Basics
@online{huberman:20190521:atlas:ec3e24b, author = {David Huberman}, title = {{ATLAS III Webinar 5: Cybersecurity Basics}}, date = {2019-05-21}, organization = {ICANN}, url = {https://icann.zoom.us/recording/play/AhQB4AQyjCuEJGz2wQQans0Xqkz3su8swGLQoORJhdECw9ttz0TbuyzBlue85gIY}, language = {English}, urldate = {2023-08-11} }
Sea Turtle
2019-05-21 | ICANN | David Huberman | Cybersecurity & the ICANN Ecosystem
@techreport{huberman:20190521:cybersecurity:17d57c8, author = {David Huberman}, title = {{Cybersecurity \& the ICANN Ecosystem}}, date = {2019-05-21}, institution = {ICANN}, url = {https://community.icann.org/download/attachments/109483867/Cybersecurity%20and%20the%20ICANN%20Ecosystem.pdf}, language = {English}, urldate = {2023-08-11} }
Sea Turtle
2019-04-17 | Cisco Talos | Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney, Paul Rascagnères | DNS Hijacking Abuses Trust In Core Internet Service
@online{adamitis:20190417:dns:0146532, author = {Danny Adamitis and David Maynor and Warren Mercer and Matthew Olney and Paul Rascagnères}, title = {{DNS Hijacking Abuses Trust In Core Internet Service}}, date = {2019-04-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/04/seaturtle.html}, language = {English}, urldate = {2020-01-09} }
Sea Turtle
2019-01-09 | Mandiant | Muks Hirani, Sarah Jones, Ben Read | Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
@online{hirani:20190109:global:a8835bb, author = {Muks Hirani and Sarah Jones and Ben Read}, title = {{Global DNS Hijacking Campaign: DNS Record Manipulation at Scale}}, date = {2019-01-09}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/global-dns-hijacking-campaign-dns-record-manipulation-at-scale}, language = {English}, urldate = {2023-08-11} }
DNSpionage Sea Turtle

Credits: MISP Project