January 9, 2024 at 12:38PM
A group affiliated with the Turkish government has increased politically driven cyber-espionage activities targeting Kurdish opposition groups in Europe, the Middle East, and North Africa. Sea Turtle, previously dormant, has resurfaced, carrying out campaigns targeting organizations in the Netherlands. The attacks focus on reaching websites associated with Kurds and the Kurdistan Workers’ Party (PKK). Turkey’s activities in cyberspace may be less visible due to its focus on political espionage compared to other countries.
Based on the provided meeting notes, the key takeaways are:
1. A group aligned with the interests of the government of Turkey has been conducting politically motivated cyber espionage targeting Kurdish opposition groups in Europe, the Middle East, and North Africa. The group, known as Sea Turtle, has been actively involved in various campaigns targeting organizations in the Netherlands, particularly those associated with Kurds and the Kurdistan Workers’ Party (PKK).
2. Sea Turtle’s activities have involved DNS hijacks and the interception of web traffic, indicating a continued interest in cyber espionage and information gathering. They have displayed a moderate level of sophistication in their attacks and have been successful in accessing and stealing sensitive information, including an entire email archive from an organization with ties to Kurdish political entities.
3. Hunt & Hackett tracks ten APT groups operating in Turkey, some of which are aligned with the state while others belong to the Kurdish opposition. Despite this, Turkey receives proportionately less press in the cyber arena, partly due to the sheer volume of cyber attacks from other countries such as North Korea and China. The government of Turkey is known for its political espionage goals, particularly targeting dissidents and opposition groups.
Overall, the meeting notes highlight the resurgence of Sea Turtle in conducting cyber espionage activities aligned with Turkish political interests, particularly targeting Kurdish opposition groups. The research also sheds light on the relative underrepresentation of Turkey in the cyber domain compared to other countries with state-sponsored hacking programs.