Hunt & Hackett Exposes Turkish-Aligned Cyber Threats in the Netherlands

A series of sophisticated cyberattacks in the Netherlands, orchestrated by a group aligning with Turkish interests, has signaled an escalation in Turkey’s pursuit of intelligence and influence within Western nations.

Hunt & Hackett, a cybersecurity firm, has tracked a group known by various aliases, including Sea Turtle, Teal Kurma, and Marbled Dust, among others. This Turkey-based Advanced Persistent Threat (APT) actor, primarily motivated by espionage, has been targeting a range of public and private entities since 2017. Initially known for DNS hijacking to achieve its objectives, the group has since evolved, focusing on governmental bodies, Kurdish political groups, NGOs, telecommunication entities, ISPs, IT service providers, and media & entertainment organizations.

In the Netherlands, Sea Turtle has conducted multiple campaigns, primarily targeting telecommunication, media, ISPs, IT service providers, and Kurdish websites. The group’s modus operandi involves intercepting internet traffic to victim websites, potentially granting unauthorized access to government networks and other organizational systems. Knowing this modus operandi aids in associating actions with the threat actor and provides valuable insights for organizations operating within similar geographic zones or sectors.

Sea Turtle’s operations are characterized by stealth and precision. The group uses sophisticated techniques like reverse shell mechanisms and defense evasion to avoid detection while collecting and extracting sensitive data. Their targeting approach primarily focuses on repositories housing valuable and sensitive data, such as customer information, metadata, and call logs.

The implications of these campaigns extend beyond mere cybersecurity concerns. The stolen information is likely utilized for surveillance or intelligence gathering on specific groups or individuals. This aligns with claims from US officials about hacker groups acting in Turkey’s interest, focusing on the identities and locations of the victims, including governments of countries geopolitically significant to Turkey.

In response to these escalating cyber threats, organizations, especially in the telecommunication and IT sectors, are advised to bolster their cybersecurity measures. This includes deploying advanced endpoint detection and response (EDR) systems, enforcing robust password policies, enabling two-factor authentication, keeping software up to date, and implementing egress network filtering.

The Turkish espionage campaigns in the Netherlands represent a significant shift in the landscape of international cyber warfare. As state-supported cyber espionage groups like Sea Turtle continue to evolve and refine their tactics, the need for heightened cybersecurity awareness and preparedness becomes more crucial than ever.