Earlier this month, U.S. military officials warned that Iranian hacks have set up a fake job website for veterans that targets service members considering a transition back to civilian life.
For informational purposes, the Utah Department of Veterans & Military Affairs has posted the following the National Guard Bureau, sharing information about a job seeking website that will install malicious software onto a visitor’s device.
National Guard Advisory: AD-19-21 Iranian Hackers Target US Military Personnel
A nation-state hacking group was recently found attacking IT provider networks and hosting a fake website called “Hire Military Heroes,” which drops spying tools and other malicious code onto a victim’s system. The malicious website is a “massive shift” for the hacking group known as Tortoiseshell according to Cisco, as it is targeting a wider net of victims this way. “Americans are quick to give back and support the veteran population, therefore, this website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans,” the Talos team wrote in its blog post about the threat.
Cisco Talos researchers found the group hosting the “Hire Military Heroes” website with an image from the “Flags of our Fathers” film. The malicious site prompts visitors to download an app, which is actually a downloader that drops the malware and other tools that gather system information, such as drivers, patch level, network configuration, hardware, firmware, domain controller, admin name, and other user account information. It also pulls screen size to determine whether the machine is a sandbox, according to Cisco’s findings. At this time, it has not been confirmed that veterans specifically have been targeted, but rather soon-to-be veterans. They’re targeting active service members looking for jobs with the promise of offering assistance for civilian employment once their service ends researchers say. The hackers are hoping one of their targets would use a DOD system to download and run the malware, chances are low, but worth a shot.
For the full advisory, please CLICK THIS LINK