A fake web site pretending to be an organization that offers job opportunities for U.S. veterans is distributing malware that let's the attackers gain full control over a victim's computer.
Researchers from the Cisco Talos Group have a found a web site that pretends to be the organization called HMH, or Hire Military Heroes, that offers a desktop application that veterans can use for job opportunities.
Fake employment site for veterans
Talos Group states that the attackers behind this web site are a threat actor group named Tortoiseshell, who Symantec recently identified as an attacker who targeted IT companies in order to gain access to their customers.
"This is just the latest actions by Tortoiseshell. Previous research showed that the actor was behind an attacker on an IT provider in Saudi Arabia. For this campaign Talos tracked, Tortoiseshell used the same backdoor that it has in the past, showing that they are relying on some of the same tactics, techniques and procedures (TTPs)."
When a user visits the site, they will be prompted to download a program for either Windows 8, 8.1, or Windows 10. For the Windows 10 download, it is a zip file containing a program named win10.exe. This file is currently only detected by 3/69 vendors on Virustotal.
Downloaded File
If the program is launched, a small loading screen will appear that states "Hire Military Heroes is a new ..
Support the originator by clicking the read the rest link below.
