Sea Turtle
Sea Turtle, Teal Kurma, Marbled Dust, Cosmic Wolf, SILICON
[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea Turtle](https://attack.mitre.org/groups/G1041) is notable for targeting registrars managing ccTLDs and complex DNS-based intrusions where the threat actor compromised DNS providers to hijack DNS resolution for ultimate victims, enabling [Sea Turtle](https://attack.mitre.org/groups/G1041) to spoof login portals and other applications for credential collection.(Cita...
Techniques: 27
Covered: 23
Gaps: 4
Coverage: 85% (23/27)
COVERED (23)
| Technique | Name | Detections |
|---|---|---|
| T1027.004 | Compile After Delivery | 9 |
| T1059.004 | Unix Shell | 149 |
| T1070.002 | Clear Linux or Mac System Logs | 8 |
| T1071.001 | Web Protocols | 74 |
| T1074.002 | Remote Data Staging | 3 |
| T1078 | Valid Accounts | 252 |
| T1078.003 | Local Accounts | 23 |
| T1114.001 | Local Email Collection | 11 |
| T1133 | External Remote Services | 72 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1199 | Trusted Relationship | 6 |
| T1203 | Exploitation for Client Execution | 71 |
| T1213.006 | Databases | 2 |
| T1505.003 | Web Shell | 57 |
| T1557 | Adversary-in-the-Middle | 27 |
| T1560.001 | Archive via Utility | 24 |
| T1562.003 | Impair Command History Logging | 3 |
| T1566 | Phishing | 920 |
| T1583 | Acquire Infrastructure | 1 |
| T1583.001 | Domains | 61 |
| T1588.002 | Tool | 13 |
| T1588.004 | Digital Certificates | 1 |
| T1608.003 | Install Digital Certificate | 1 |