A threat group has been discovered targeting US military veterans through a fake job site.
Researchers at Symantec discovered that the group, Tortoiseshell, has been active since 2018, focusing mainly on IT providers in Saudi Arabia. With that particular campaign, attackers would install malware on machines in a number of different organisations.
The most recent campaign was uncovered by Cisco’s Talos Intelligence Group, whereby the group has been targeting US military veterans seeking jobs through a fake website named “Hire Military Heroes”.
Users are prompted to download a desktop app; however, researchers have found that the app simply installs malware on victims' machines while displaying an error message indicating that the installation has failed.
The malware drops a remote access tool that gives the attacker full access to compromised computers. It also collects data about the system, including firmware versions, the name of the admin, date, time, drivers and more. All the collected data is sent to a Gmail inbox controlled by the attacker.
Warren Mercer, Paul Rascagneres and Jungsoo An, the three Cisco Talos researchers, said: “This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks.”
This new attack vector has the potential to target even more victims, and with veterans receiving a lot of support, there is a high chance that the site will gain a lot of traction.
Mercer told Infosecurity Magazine: “If Tortoiseshell successfully targeted a currently enlisted military professional with access to potentially confidential information, this could become very damaging to the parties involved.”