15 matches found
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusio...
Attacks, Vulnerabilities and Actors 8 January to 14 January 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of seven attacks were executed, two vulnerabilities were uncovered, and three active adversaries wer...
Unveiling the Sea Turtle Cyber Espionage Campaign
Summary: Sea Turtle, a Turkey-based Advanced Persistent Threat APT actor, has been active since 2017. The group has primarily targeted European and Middle Eastern organizations, focusing on information theft and DNS hijacking to compromise repositories with valuable and sensitive data. In a recen...
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies
Telecommunication, media, internet service providers ISPs, information technology IT-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. "The infrastructure of the...
Threat Source newsletter (Jan. 30, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Be sure to pay close attention Tuesday for some changes we have coming to Snort.org. We’ll spare you the details for now, but please bea...
Threat Source newsletter (Jan. 23, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Despite tensions starting to fizzle between the U.S. and Iran, people are still worried about cyber conflict. What would that even look...
2019: The year in malware
By Jon Munshaw. From ransomware attacks to DNS deception, attackers were just as active as ever in 2019. This year saw a number of big-name malware families come onto the scene, including Sea Turtle, one of the most high-profile DNS hijacking attempts in recent memory. BlueKeep also stirred up...
Talos takes home top research honors at Virus Bulletin conference
By Jon Munshaw Researchers from Cisco Talos brought up the top award at this year’s Virus Bulletin conference. Talos received the Péter Ször Award — named for the prolific security researcher who was a longtime contributor to Virus Bulletin and passed away in 2013 — for our research into several...
Threat Source newsletter (July 11, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Generally, when we write about a threat group or attack, that threat will calm down for a while. After all, it’s much for difficult...
Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial...
Threat Source (April 18): New attacks distribute Formbook, LokiBot
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
New DNS Hijacking Attacks
DNS hijacking isn't new, but this seems to be an attack of unprecedented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the...
State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally
A newly-discovered state-sponsored campaign is targeting national security organizations across the Middle East and North Africa MENA – and elsewhere – with domain name system DNS hijacking attacks, used to scoop up credentials. The campaign, dubbed “Sea Turtle” by the Cisco Talos researchers who...
Beers with Talos Ep. #51: Sea Turtles yeeting packets
Beers with Talos BWT Podcast Ep. No. 51 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 12, 2019 — Today, we rip through a few other things to spend most of our time discussing Sea Turtle, the lates...
Cyberspies Hijacked the Internet Domains of Entire Countries
A mysterious new group called Sea Turtle targeted 40 organizations in a DNS hijacking spree...