Lumen Technologies

Daniel Adamitis

A few years ago, an elusive threat actor named Sea Turtle, a.k.a. Marble Dust, made a big splash with their operations targeting the DNS ecosystem. As quickly as their campaigns breached the surface, they dove back down into the depths of the ocean, below the threat-intel sight line. There they have been lurking and quietly performing operations for years, avoiding many people’s sonar. Recently, an uncanny duo of threat researchers from the Microsoft Threat Intelligence team and Lumen Technologies' Black Lotus Labs teamed up for an expedition to look for Sea Turtle in our various holdings.

This presentation will cover the threat actor’s profile since its last public report in 2021, including some undisclosed tools, new TTPs, and targeting, and will even provide our current thoughts on attribution.

Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research team at Lumen Technologies. Danny has tracked nation-state adversaries and cybercriminals using both open-source and proprietary datasets in various roles for several years. More recently he has focused on threats to ISPs, including campaigns in which actors targeted networking equipment, Linux servers, and DNS infrastructure. Prior to joining Lumen Technologies, Daniel worked at Cisco Talos. Danny has a bachelor’s degree in Diplomacy and International Relations from Seton Hall University.