‘Sea Turtle’ DNS hijack campaign affects 13 MENA countries

17 Apr 2019

Cisco Talos published a report on a new malicious cyber campaign, Sea Turtle, that affected 40 different organisations in the Middle East and North Africa (MENA) region. Targets included ministries of foreign affairs, military organisations, intelligence agencies, and major energy organisations. Researches describe Sea Turtle as a state-directed espionage campaign active since early 2017, aiming to obtain persistent access to sensitive networks and systems. The cyber-threat was not attributed to any state by Cisco Talos.
The attack used a sophisticated domain name system (DNS) manipulation thus exploiting third-party entities to reach targets such as telecommunications organisations, Internet service providers (ISPs), IT firms, registrars, and registries.
Sea Turtle compromised entities by manipulating and falsifying DNS records at various levels in the domain name space. Researchers believe that their intentions were to steal credentials and gain access to networks and systems of interest. Cisco Talos considers the Sea Turtle campaign worrisome in its realistic potential to undermine user trust in the Internet.


Explore the issues

Cybersecurity is among the main concerns of governments, Internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss. 

Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.

Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.

The Domain Name System (DNS) handles Internet domain names (such as www.google.com) and converts them to Internet Protocol (IP) numbers (and the other way around).


The GIP Digital Watch observatory is provided by



and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top