Cisco Talos published a report on a new malicious cyber campaign, ‘Sea Turtle’, that affected 40 organisations in countries of the Middle East and North Africa region. Targets included ministries of foreign affairs, military organisations, intelligence agencies and major energy organisations. Researchers describe ‘Sea Turtle’ as a state-directed espionage campaign, active since early 2017, whose aim is persistent access to sensitive networks and systems; Cisco Talos did not attribute it to any specific state.
The campaign relied on sophisticated Domain Name System (DNS) manipulation, compromising third parties that sit on the path to the real targets: telecommunications organisations, ISPs, IT firms, domain registrars and registries.
The threat actors behind the campaign compromised victims by altering and falsifying DNS records at various levels of the domain name space. Researchers assess that the intention was to harvest credentials and gain access to the networks and systems of interest.
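The practical defence against record tampering of the kind described above is to watch your own records for drift. The following is an added example, not code from the Talos report or from any tool it names: a small Python monitor that compares a known-good baseline of DNS record sets with what is currently observed, flagging changes to delegation (NS) and to address and mail records, and separately checking whether the delegation held at the parent (the registry side) still matches the zone's own apex NS set, which is where a registrar-level change tends to surface first. All domain names, name servers and addresses below are constructed for illustration; in production the "observed" snapshots would come from live lookups against the parent and the authoritative servers rather than from the inline dictionaries used here.

```python
"""DNS record drift monitor (added example, constructed data only)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

RRKey = Tuple[str, str]                # (owner name, record type)
RRSet = Dict[RRKey, FrozenSet[str]]    # record data per owner/type

# Changes to these types redirect traffic or mail; treat them as high severity.
HIGH_RISK_TYPES = {"NS", "A", "AAAA", "MX"}


@dataclass(frozen=True)
class Drift:
    name: str
    rtype: str
    added: FrozenSet[str]
    removed: FrozenSet[str]
    severity: str


def diff_rrsets(baseline: RRSet, observed: RRSet) -> List[Drift]:
    """Return one Drift per owner/type whose data differs from the baseline.

    A record set that disappeared is reported with every value removed; one
    that appeared without a baseline entry is reported with every value added.
    Results are sorted by (name, type) so output is stable across runs.
    """
    findings: List[Drift] = []
    for key in sorted(set(baseline) | set(observed)):
        before = baseline.get(key, frozenset())
        after = observed.get(key, frozenset())
        if before == after:
            continue
        name, rtype = key
        severity = "high" if rtype in HIGH_RISK_TYPES else "medium"
        findings.append(Drift(name, rtype, after - before, before - after, severity))
    return findings


def delegation_mismatch(parent_ns: FrozenSet[str], child_ns: FrozenSet[str]) -> FrozenSet[str]:
    """Name servers present on only one side of the delegation.

    parent_ns is the NS set the registry publishes for the zone; child_ns is
    the NS set the zone itself serves at its apex. A registrar-level change
    usually appears at the parent first, so any asymmetry is an early warning.
    """
    return parent_ns ^ child_ns


# Constructed baseline for a hypothetical zone "example.org." (not real data).
BASELINE: RRSet = {
    ("example.org.", "NS"): frozenset({"ns1.example-dns.net.", "ns2.example-dns.net."}),
    ("example.org.", "MX"): frozenset({"10 mail.example.org."}),
    ("webmail.example.org.", "A"): frozenset({"203.0.113.10"}),
}

# Constructed snapshot in which the webmail host now resolves elsewhere and a
# TXT record appeared that was never in the baseline.
OBSERVED_HIJACKED: RRSet = {
    ("example.org.", "NS"): frozenset({"ns1.example-dns.net.", "ns2.example-dns.net."}),
    ("example.org.", "MX"): frozenset({"10 mail.example.org."}),
    ("webmail.example.org.", "A"): frozenset({"198.51.100.77"}),
    ("example.org.", "TXT"): frozenset({"v=spf1 include:example.org ~all"}),
}

# Constructed parent-side delegation where one name server was swapped out.
PARENT_NS_HIJACKED: FrozenSet[str] = frozenset({"ns1.unknown-host.example.", "ns2.example-dns.net."})


def main() -> None:
    for d in diff_rrsets(BASELINE, OBSERVED_HIJACKED):
        print(f"[{d.severity}] {d.name} {d.rtype}: +{sorted(d.added)} -{sorted(d.removed)}")
    mismatch = delegation_mismatch(PARENT_NS_HIJACKED, BASELINE[("example.org.", "NS")])
    if mismatch:
        print(f"[high] delegation differs between parent and zone apex: {sorted(mismatch)}")


if __name__ == "__main__":
    main()
```

A baseline like this belongs in version control, and the comparison should run from at least two vantage points (one inside the organisation, one outside) so that a hijack confined to a single resolver path is still caught.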
Cisco Talos considers the ‘Sea Turtle’ campaign worrying because of its realistic potential to undermine users’ trust in the Internet itself.