APT / THREAT GROUP

Sea Turtle

🇹🇷 Turkey-attributed
Campaigns: 1
Aliases: 4
Last seen: Mar 17, 2026

Intelligence Profile

[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea Turtle](https://attack.mitre.org/groups/G1041) is notable for targeting registrars managing ccTLDs and for complex DNS-based intrusions in which the threat actor compromised DNS providers to hijack DNS resolution for ultimate victims, enabling [Sea Turtle](https://attack.mitre.org/groups/G1041) to spoof login portals and other applications for credential collection. (Citation: Talos Sea Turtle 2019) (Citation: Talos Sea Turtle 2019_2) (Citation: PWC Sea Turtle 2023) (Citation: Hunt Sea Turtle 2024)

Threat Analysis

Sea Turtle is a threat actor of known sophistication attributed to Turkey and engaged in cyber operations; its primary motivation is recorded as unknown.

Known Campaigns

Sea Turtle — Active Operations March 2026

Sea Turtle is an unknown-motivation threat actor attributed to TR. This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this...

ACTIVE | MEDIUM | 2026

External References

Quick Facts

Type: APT / Threat Group
Origin: 🇹🇷 Turkey
Aliases: 4
Source: Malpedia

Also Known As

Teal Kurma, Marbled Dust, Cosmic Wolf, SILICON

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.