Security researchers discovered a threat group targeting U.S. military veterans via a fake job portal, promising help for those looking for jobs.
According to research from Cisco Talos, an attacker group named Tortoiseshell has been targeting Americans who are searching for jobs, especially military veterans. The group has been using a phony site, hxxp://hiremilitaryheroes[.]com, whose name resembles the legitimate https://www.hiringourheroes.org, to lure U.S. military veterans looking for jobs.
The URL directs victims to the fake site, which prompts them to download an app. The app is actually a malware downloader that deploys spying and other malicious tools.
“These are just the latest actions by Tortoiseshell. Previous research showed that the actor was behind an attack on an IT provider in Saudi Arabia. For this campaign Talos tracked, Tortoiseshell used the same backdoor that it has in the past, showing that they are relying on some of the same tactics, techniques, and procedures (TTPs),” Cisco Talos stated in its report.
The report did not shed light on the motive behind the campaign. However, the malware and spy tools have been collecting a considerable amount of data. The malware gives attackers access to information about the system, such as the date, time, drivers, patch level, number of processors, network configuration, hardware, firmware versions, domain controller, name of the admin, and list of accounts.
“This new campaign utilizing the malicious hiring website represents a massive shift for Tortoiseshell. This particular attack vector has the potential to allow a large swath of people to become victims of this attack. Americans are quick to give back and support the veteran population. Therefore, this website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans,” the report added.