Sea Turtle surfaces in Holland targeting IT, telecom

Jan 08 2024

Welcome to Gone Phishing, your daily cybersecurity newsletter that skewers cybercriminals like a Saturday afternoon BBQ.

Today’s hottest cybersecurity news stories:

  • Sea Turtle surfaces in Holland targeting IT, telecom

  • Scammers infect hospital, threaten cancer patients

  • West Virginia municipality falls victim to cyber carnage ⚡


Cybersecurity Alert: Sea Turtle Unleashes Espionage Campaign!

In a chilling development, Dutch security firm Hunt & Hackett reveals a fresh cyber espionage onslaught orchestrated by Sea Turtle, a Türkiye-based threat actor. Targets include telecommunication, media, ISPs, IT-service providers, and Kurdish websites in the Netherlands, amplifying concerns over potential information theft.


Sea Turtle, also known as Cosmic Wolf, Marbled Dust, Teal Kurma, and UNC1326, gained notoriety in 2019 for state-sponsored attacks across the Middle East and North Africa. Their modus operandi involves exploiting vulnerabilities, especially through DNS hijacking and supply chain attacks.

Spies the limit

Latest insights from Hunt & Hackett highlight Sea Turtle's persistent focus on espionage, utilising the SnappyTCP reverse TCP shell in attacks observed since 2021. In a 2023 incident, a compromised cPanel account was exploited for initial access, demonstrating the group's evolving tactics.

Batten Down The Hatches ⛵

To fortify against such threats, organisations are strongly urged to enforce robust password policies, implement 2FA, monitor SSH traffic, and maintain up-to-date systems. Stay vigilant and secure your digital frontiers against the elusive Sea Turtle!


Let’s hope the threat’s benign

Extortionists are taking cyber threats to shocking new levels by targeting hospital patients, threatening to initiate bomb scares and other bogus reports that lead heavily armed police to victims' homes unless the medical centres pay hefty ransoms.

SWAT ever’s next?

In a recent incident at Seattle's Fred Hutchinson Cancer Center, after a cyber breach in November compromised patient records, criminals escalated their tactics by issuing direct swatting threats. The idea is to pressure hospitals into meeting ransom demands, utilising patients and media coverage as leverage.

Sleepless in Seattle

The unsettling trend extends beyond Seattle, with Integris Health in Oklahoma facing a similar "cyber event." Patients there received threatening emails, adding another layer of distress to an already dire situation.

Time to ban the ran payment?

As cybercriminals become more brazen, security experts warn of potential real-world violence connected to cyber-extortion, emphasising the urgent need for a ban on ransom payments. Organisations are urged to stay vigilant, enhance cybersecurity measures, and prepare for evolving threats.


Hackers: Almost heaven, West Virginia

Beckley, WV Faces Cyber Crisis: City Hit by Cyberattack!

Beckley, West Virginia, is under siege from a recent cyberattack, as announced in a Thursday notice on social media. City officials apologised for network issues and are actively investigating the incident's source, scope, and potential data impact. The city, located 50 minutes from the Virginia border, is at the heart of the Beckley metropolitan area, home to 115,000 people.

They Denver saw it coming

Beckley Mayor Rob Rappold confirmed the cyberattack but couldn't provide a restoration timeline. This incident adds to a wave of 2023 cyberattacks on small U.S. governments, with at least 95 entities targeted, as reported by cybersecurity company Emsisoft.

Is it a Hubers who of cyber-attacks

In a parallel struggle, Huber Heights, Ohio, is still grappling with fallout from a November ransomware attack, remaining in a state of emergency. The city council allocated $350,000 for response efforts, covering cybersecurity, negotiation, and system updates.

City Manager Rick Dzik emphasised the uncertainty of data compromise, ranging from everyday work documents to personal information. The situation reflects a broader trend of rising cyber threats against municipalities.


So long and thanks for reading all the phish!
