Unveiling the Sea Turtle Cyber Espionage Campaign

Threat Advisories

Unveiling the Sea Turtle Cyber Espionage Campaign


Sea Turtle, a Turkey-based Advanced Persistent Threat (APT) actor, has been active since 2017. The group has primarily targeted European and Middle Eastern organizations, focusing on information theft and DNS hijacking to compromise repositories with valuable and sensitive data. In a recent 2023 campaign, targeting the Netherlands, Sea Turtle utilized a reverse TCP shell named SnappyTCP for Linux/Unix with basic command-and-control capabilities to establish persistence on systems.

Threat Level – Red | Actor Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.