
Hackers create fake jobs site to target veterans with malware

The hacking group is believed to originate from Iran.


Mikael Thalen


Posted on Sep 25, 2019   Updated on May 20, 2021, 2:55 am CDT

Hackers set up a fake jobs website aimed at U.S. military veterans in order to infect their computers with malware.

Discovered by cybersecurity researchers with Cisco Talos, the site, called, attempted to convince visitors to download a malware downloader disguised as an app.

Once the malware was installed, the attackers would be able to retrieve information about the victim’s computer.

“The attacker can then see information on the system, the patch level, the number of processors, the network configuration, the hardware, firmware versions, the domain controller, the name of the admin, the list of the account, etc,” a blog post from Cisco Talos explains.

That data would then enable the hackers to carry out additional attacks tailored specifically to individual victims if necessary.

Cisco Talos says the attackers behind the website belong to a threat actor group they have dubbed “Tortoiseshell.”

The site is especially dangerous, Cisco Talos added, given the probability that it could quickly spread across social media.

“Americans are quick to give back and support the veteran population,” the blog continued. “[T]his website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans.”

The group was also accused by cybersecurity firm Symantec last week of targeting several major IT providers in Saudi Arabia. CrowdStrike, another cybersecurity firm, believes the hackers are Iranian.


H/T CNet

*First Published: Sep 25, 2019, 1:56 pm CDT