A highly capable threat actor has been running a campaign that relied on DNS hijacking to reach its targets. In the operation, at least 40 public and private organizations in 13 countries have been compromised. The main targets are ministries of foreign affairs, military organizations, intelligence agencies, and energy companies. The attack vectors used in the Sea Turtle campaign were spear-phishing (in at least one instance) and multiple known vulnerabilities, one of them as old as 2009. After changing DNS records, Sea Turtle operators set up a man-in-the-middle (MitM) framework that impersonated legitimate services used by the victim in order to steal login credentials.
Source: https://www.bleepingcomputer.com/news/security/sea-turtle-campaign-focuses-on-dns-hijacking-to-compromise-targets/
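A defender-side check for the DNS-record tampering described above, as an added example that is not part of the original article or of the Sea Turtle reporting: it diffs observed DNS answers against a known-good baseline and rates name-server changes highest, since those indicate tampering at the registrar or registry level. All hostnames and addresses in it are constructed sample data, not indicators from the campaign.

```python
"""Baseline-vs-observed DNS drift check (added example, not from the article).
Sea Turtle redirected victims by altering DNS records; diffing fresh lookups
against a known-good snapshot surfaces that. NS changes (registrar/registry
level) are rated highest. All records below are constructed sample data.
"""
from dataclasses import dataclass

# An NS change hands the attacker the whole zone, so it outranks host records.
SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high", "MX": "high",
            "CNAME": "high", "TXT": "low"}

@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    expected: frozenset
    observed: frozenset
    severity: str

def _norm(values):
    """Compare case-insensitively and ignore the trailing dot of FQDNs."""
    return {v.lower().rstrip(".") for v in values}

def diff_records(baseline, observed):
    """Return a Finding per (name, rtype) whose answer set changed.
    Inputs map (name, rtype) -> set of answers. Order is ignored, so a
    reordered round-robin A set is not drift; names only in `observed` count."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        expected, seen = baseline.get(key, set()), observed.get(key, set())
        if _norm(expected) != _norm(seen):
            findings.append(Finding(*key, frozenset(expected), frozenset(seen),
                                    SEVERITY.get(key[1], "medium")))
    return findings

# Constructed known-good snapshot of the zone.
BASELINE = {
    ("example.org", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("mail.example.org", "A"): {"198.51.100.10"},
    ("vpn.example.org", "A"): {"198.51.100.20", "198.51.100.21"},
}
# Constructed later lookup: NS and mail now point elsewhere; VPN is reordered only.
OBSERVED = {
    ("example.org", "NS"): {"NS1.attacker-placeholder.invalid.", "ns2.attacker-placeholder.invalid"},
    ("mail.example.org", "A"): {"203.0.113.5"},
    ("vpn.example.org", "A"): {"198.51.100.21", "198.51.100.20"},
}
```

Running `diff_records(BASELINE, OBSERVED)` yields two findings (the NS change as critical, the mail host as high) and nothing for the reordered VPN answers.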

