Netflix earnings Sundance Film Festival 2022 Google will set up blockchain unit Amazon opening a brick-and-mortar clothing store Free COVID-19 test kits Wordle explained

Hackers set up a fake veteran-hiring website to infect victims with malware

The fake website could gain traction on social media where people are trying to support US military veterans.


A screenshot of the fake veteran hiring website.

Cisco Talos

A website pretending to help find jobs for US military veterans was found to be infecting their computers with malware, Cisco's Talos Security Intelligence and Research Group said Tuesday. The website was called, a Talos blog post said, and asked users to download a fake installer app that deployed malware and malicious spying tools.

The system info retrieved by the attacker includes hardware, firmware versions, patch level, number of processors, network configuration, domain controller, screen size and admin name.

Now playing: Watch this: Police have your Ring footage. They're not the only ones...

"This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks," Cisco Talos said, adding it has the potential of affecting a lot of people.

"Americans are quick to give back and support the veteran population ... this website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans."

The threat actor is Tortoiseshell, Cisco and Symantec say, which was also found to be behind an IT provider attack in Saudi Arabia.

The malicious website remains online and has been up and running since the end of July or the beginning of August, Cisco told CNET in an email Wednesday. Cisco Talos said it's impossible to tell if anyone has fallen victim to the site. 

Originally published Sept. 24, 3:07 p.m. PT.
Updates, 4:19 p.m.: Adds more info; Sept. 25: Includes more info from Cisco.