Veterans hunting for jobs may have thought “Hire Military Heroes” was just another jobs website that would help them find employment.
But in reality, the site prompted users to download an app containing malicious malware that would allow the attacker to access a plethora of information, according to cybersecurity researchers at Cisco Talos.
“The attacker retrieves information such as the date, time and drivers. The attacker can then see information on the system, the patch level, the number of processors, the network configuration, the hardware, firmware versions, the domain controller, the name of the admin, the list of the account, etc.,” Cisco Talos said in a blog post in September about the malware.
“This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks,” Cisco Talos added.
The phony site shared a similar URL to the site “Hiring Our Heroes,” an employment site the U.S. Chamber of Commerce Foundation launched.
According to the security intelligence and research group, an actor called Tortoiseshell was responsible for the attack — the same actor Symantec identified being behind attempts targeting Saudi Arabian IT providers.