The operation, known within the cyber research community as “SeaTurtle,” exploited weaknesses in DNS to hack hundreds of high profile victims, including entire foreign intelligence agencies. Notable victims also included a human rights group negotiating a ceasefire in Syria.
We first began hearing word about how big a deal this hack was from our sources after a great report by @TalosSecurity. Our sources told us the hackers had gained access giving them the ability to intercept ALL INTERNET TRAFFIC going to several countries in the Middle East.
Other high profile victims included: the email services for the entire government of Cyprus, the Freemason group in Turkey, a key undersea cable provider situated in Cyprus which routes large portions of the internet throughout the Middle East
We try to be very transparent about how we know what we know since this is an arena ripe for misdirection and confusion. (If you’re interested in learning more about Turkish hacking ops I would suggest checking out their MIT) https://www.reuters.com/article/us-cyber-attack-hijack-exclusive-idUSKBN1ZQ10X
The hijacking was aimed at huge amounts of traffic flowing through Albania, Greece, Iraq, and Cyprus.. all countries which are of high geopolitical interest to Turkey for various reasons.
occurred at a time when Turkey was launching numerous kinetic military strikes in Syria
There was a lot of detail I wish we could have jammed into this story, but alas... if you want to talk about SeaTurtle or have any additional info let me know (full contact info in bio)
I believe this is the first story that really highlights a Turkish cyber espionage operation (beside this great CL research which is more domestic surveillance-focused) https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
And Yes - I am aware that there are at least two examples of a publicly available cyber threat intel report/blog from the private sector which is describing a Turkish APT. But the company did not attribute directly.
DNS hijacking is an interesting subject. I know I shouldn't be surprised that it is still an issue but I am. Do you know of any articles exploring its past usage compared to today? Kinda not a news story but would be an interesting read.
So there was a separate and distinct DNS hijacking op last year called “DNS Espionage” which reportedly came from Iran - that could be interesting additional reading for you