Iranian Hackers Host Phony U.S. Veterans Site | Avast

A new website titled Hire Military Heroes pretends to help U.S. veterans find jobs, but cybersecurity researchers have discovered it to be a malicious site run by an Iranian nation-state hacking group. Dark Reading reports the group is called Tortoiseshell, while some experts believe they are actually the infamous Imperial Kitten hacking group. The phony site prompts visitors to download an app, which is actually a malicious downloader that plants malware in the user’s system. The malware then collects a wealth of information about the victim’s network, including hardware details, system configuration, and other admin data. It is unclear how the group is sourcing or luring its victims, but the backdoor created by the malware allows the group to spy on American military veterans while gathering personal information about them. Avast Security Evangelist Luis Corrons says these actions may lead to further data theft. “These are social engineering tactics targeting a specific social group, probably to gather certain information they need to perform further attacks.”
