Cisco Talos has discovered a new cyber threat campaign that we are calling “Sea Turtle” The campaign is targeting public and private entities, including national security organizations, located in the Middle East and North Africa. We assess with high confidence that this activity is being carried out by an advanced, state-sponsored actor that seeks to obtain persistent access to sensitive networks and systems. DNS hijacking occurs when the actor can illicitly modify DNS name records to point users to actor-controlled servers. The Sea Turtle campaign almost certainly poses a more severe threat than DNSpionage given the actor’s methodology in targeting various DNS registrars and registries.”]
Source: https://blog.talosintelligence.com/2019/04/seaturtle.html