‘Sea Turtle’ DNS hijack campaign affects 13 MENA countries
Cisco Talos published a report on a new malicious cyber campaign, Sea Turtle, that affected 40 different organisations in the Middle East and North Africa (MENA) region. Targets included ministries of foreign affairs, military organisations, intelligence agencies, and major energy organisations. Researches describe Sea Turtle as a state-directed espionage campaign active since early 2017, aiming to obtain persistent access to sensitive networks and systems. The cyber-threat was not attributed to any state by Cisco Talos.
The attack used a sophisticated domain name system (DNS) manipulation thus exploiting third-party entities to reach targets such as telecommunications organisations, Internet service providers (ISPs), IT firms, registrars, and registries.
Sea Turtle compromised entities by manipulating and falsifying DNS records at various levels in the domain name space. Researchers believe that their intentions were to steal credentials and gain access to networks and systems of interest. Cisco Talos considers the Sea Turtle campaign worrisome in its realistic potential to undermine user trust in the Internet.