
https://www.defenceturk.net/turkiyenin-denizalti-yonetim-sistemi-projesi-murene-yonelik-siber-casusluk-operasyonu

According to a report published by the China-based internet and application security company NSFocus, a new APT group of unknown origin allegedly carried out cyber espionage operations against the Naval Forces Command (DKK) and TÜBİTAK in early August 2022.

According to the report, this new APT group, called MurenShark, targets Turkey and has attacked universities, research institutes and many sensitive targets working in the military field, especially those involved in military projects. The report also states that MurenShark carried out phishing attacks using two documents leaked from TÜBİTAK, and that one of the malware-carrying documents used in the attack came from TÜBİTAK and the other from DKK.

The report states that the main target of MurenShark’s activities in early August was the personnel of the “MÜREN” project, including the TÜBİTAK project designers and the project reviewers of the Turkish Naval Forces. It is not certain whether the attack achieved its goal. Nevertheless, based on the contents of the fake document, MurenShark is claimed to have successfully penetrated the systems.

The report also alleges that MurenShark used the official website of the Near East University in the Cyprus region as a remote server during the attack, and that it has controlled the website’s server for more than a year.

According to cyber security expert Ersin Çahmutoğlu, the threat actor named MurenShark has highly advanced capabilities. In this context, it is also stated that the actors, whose identities and locations cannot be determined because of the tools and specific methods they use, try to cover their tracks to avoid exposure during their operations.

The report also states that this is not the first time TÜBİTAK, one of MurenShark’s main targets, has been attacked. On the contrary, it is claimed that TÜBİTAK is a key victim of various hacking and APT activities.

The report states that such attacks are launched in the form of phishing emails and use common payloads, such as compressed attachments and documents that exploit vulnerabilities, to deliver stealthy Trojans such as AgentTesla to tubitak.gov.tr mailbox users.
