fbpx

Cyber ​​espionage operation against MUREN, Turkey’s submarine management system project

Published by Krypteia Group on

https://www.defenceturk.net/turkiyenin-denizalti-yonetim-sistemi-projesi-murene-yonelik-siber-casusluk-operasyonu

According to the report published by China-based internet and application security company NSFocus, a new APT group of unknown origin allegedly carried out cyber espionage operations against the Naval Forces Command (DKK) and TUBITAK in early August 2022.

According to the report, this new APT group, called MurenShark and targeting Turkey, attacked universities, research institutes and many sensitive targets working in the military field, especially those involved in military projects. In addition, it was stated in the report that MurenShark made phishing attacks over two documents leaked from TÜBİTAK and that one of the documents containing malicious software used in the attack came from TÜBİTAK and the other from DKK.

The report states that the main target of MurenShark’s activities in early August was the relevant personnel of the “MÜREN” project, including the TÜBİTAK project designers and the project reviewers of the Turkish Naval Forces. However, there is no certainty about whether the attack reached its goal or not. However, from the contents of the fake document, MurenShark is claimed to have successfully invaded the systems.

It is among the allegations that MurenShark used the official website of the Near East University in the Cyprus region as a remote server during the attack process and has been controlling the website’s server for more than a year.

According to cyber security expert Ersin Çahmutoğlu, the threat actor named MurenShark has highly advanced capabilities. In this context, it is also stated that the actors whose identities and locations cannot be determined thanks to the tools and specific managements they use, try to lose their traces in order not to be disclosed during the operation processes.

In the investigation, it is also stated in the report that TÜBİTAK, one of the main targets of MurenShark, was not attacked for the first time. On the contrary, it is claimed that TÜBİTAK is the key victim of various hacking and APT activities.

The report states that such attacks are launched in the form of phishing emails and use common payloads such as compressed packet attachments and vulnerability documents to deliver stealthy Trojans such as AgentTesla to tubitak.gov.tr ​​mailbox users.

Categories: CybersecurityExploits

Related Posts

Cybersecurity IoT Software Solutions

Natural Language Processing (NLP) Career Guide: Skills & Competencies You Should Have

How to Become an NLP Expert: A Guide to the Skills and Competencies You Need In light of the necessity for data protection in the present threat landscape, cyber security is one of the fundamental Read more…

Cybersecurity Exploits Security Awareness Training Solutions

The next step in CISA’s maturity is its new cyber strategic plan

Leaders at the Cybersecurity and Infrastructure Security Agency like to say security is so important they put it in their name twice. Now that same rationale is the impetus behind CISA’s first-ever cybersecurity strategic plan Read more…

Cybersecurity Exploits Malware Phishing Ransomware Security Awareness Training Security Patches

Cyberattack causes multiple hospitals to shut emergency rooms and divert ambulances

Cybercriminals attacked the computer systems of a California-based health care provider causing emergency rooms in multiple states to close and ambulance services to be redirected. The ransomware attack happened at Prospect Medical Holdings of Los Read more…