Hackers set up a fake jobs website aimed at U.S. military veterans in order to infect their computers with malware.
Discovered by cybersecurity researchers with Cisco Talos, the site, called hiremilitaryheroes.com, attempted to convince visitors to download a malware downloader disguised as an app.
Once installed, the attackers would be able to retrieve information on their victim’s computer.
“The attacker can then see information on the system, the patch level, the number of processors, the network configuration, the hardware, firmware versions, the domain controller, the name of the admin, the list of the account, etc,” a blog post from Cisco Talos explains.
That data would then enable the hackers to carry out additional attacks tailored specifically to individual victims if necessary.
Cisco Talos says the attackers behind the website belong to a threat actor group they have dubbed “Tortoiseshell.”
The site is especially dangerous, Cisco Talos added, given the probability that it could quickly spread across social media.
“Americans are quick to give back and support the veteran population,” the blog continued. “[T]his website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans.”
The group was also accused by cybersecurity firm Symantec last week of targeting several major IT providers in Saudi Arabia. CrowdStrike, another cybersecurity firm, believes the hackers are Iranian.
- A bunch of popular YouTube channels were the victims of a nasty hack
- How China targeted Uyghur Muslims with iPhone-hacking websites
- Twitter CEO’s account hacked, retweets pro-Nazi propaganda