Sea Turtle
Aliases: Sea Turtle, Teal Kurma, Marbled Dust, Cosmic Wolf, SILICON
[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea Turtle](https://attack.mitre.org/groups/G1041) is notable for targeting registrars managing ccTLDs and for complex DNS-based intrusions in which the threat actor compromised DNS providers to hijack DNS resolution for ultimate victims, enabling [Sea Turtle](https://attack.mitre.org/groups/G1041) to spoof login portals and other applications for credential collection.(Cita...
Techniques: 29
Covered: 25
Gaps: 4
Coverage: 86% (25/29)
COVERED (25)
T1027.004 Compile After Delivery: 10 det.
T1059.004 Unix Shell: 155 det.
T1070.002 Clear Linux or Mac System Logs: 8 det.
T1071.001 Web Protocols: 80 det.
T1074.002 Remote Data Staging: 3 det.
T1078 Valid Accounts: 280 det.
T1078.003 Local Accounts: 23 det.
T1114.001 Local Email Collection: 11 det.
T1133 External Remote Services: 72 det.
T1190 Exploit Public-Facing Application: 216 det.
T1199 Trusted Relationship: 6 det.
T1203 Exploitation for Client Execution: 75 det.
T1213.006 Databases: 2 det.
T1505.003 Web Shell: 63 det.
T1557 Adversary-in-the-Middle: 32 det.
T1560.001 Archive via Utility: 26 det.
T1562.003 Impair Command History Logging: 3 det.
T1566 Phishing: 996 det.
T1583 Acquire Infrastructure: 1 det.
T1583.001 Domains: 61 det.
T1588.002 Tool: 13 det.
T1588.004 Digital Certificates: 1 det.
T1608.003 Install Digital Certificate: 1 det.
T1685.006 Clear Linux or Mac System Logs: 4 det.
T1690 Prevent Command History Logging: 3 det.