Sea Turtle

Also known as: Teal Kurma · Marbled Dust · Cosmic Wolf · SILICON

Overview

Sea Turtle is a Türkiye-linked threat actor, active since at least 2017, that conducts espionage and service provider compromise operations against victims in Asia, Europe, and North America. Sea Turtle is notable for targeting registrars that manage ccTLDs and for complex DNS-based intrusions in which the threat actor compromised DNS providers to hijack DNS resolution for the ultimate victims, enabling Sea Turtle to spoof login portals and other applications for credential collection.

Regions

Germany

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1190, T1203

TTPs — 27 techniques across 9 tactics

Resource Development

Execution

Persistence

Credential Access

Collection

Command and Control

Tools & malware (1)

SnappyTCP

Reporting (3)