Sarah Jones

Scouring for Sea Turtles

A couple years back an elusive threat actor named Sea Turtle, a.k.a Marble dust, made a big splash with their operations targeting the DNS ecosystem. As quickly as their campaigns breached the surface, they quickly dove back down into the depths of ocean below the threat intel sight line. There they have been lurking and quietly performing operations for years, avoiding many people’s sonar. Recently an uncanny duo of threat researchers from Microsoft Threat Intelligence Team, and Lumen Technologies Black Lotus Labs teamed up for an expedition look for sea turtle in our various holdings.

This talk will cover the threat actor’s profile since its last public report in 2021; including some undisclosed tools, new TTPs, targeting, and even provide our current thoughts on attribution. So come along for a fantastic voyage as we present the migratory patterns of the sea turtles as we follow them around the world once again.

Sarah Jones is an IT security professional with over 10 years’ experience providing analytical, research, and policy expertise to senior leaders in government and private industry on cybersecurity matters. She is a senior threat analyst in the Microsoft Threat Intelligence Community where she investigates nation state threat actors.

Prior to Microsoft, she was a principal analyst on the Cyber Espionage Analysis team at Mandiant. She has previously worked in Security Operations Centers for government and defense industrial base clients. Sarah has a bachelor’s degree in International Relations from George Mason University and a master’s degree in Security Policy Studies with concentrations in Science, Technology and Transnational Security from George Washington University.