Hackers set up a fake veteran-hiring website to infect victims with malware

The fake website could gain traction on social media where people are trying to support US military veterans.

Corinne Reichert Senior Editor

A screenshot of the fake veteran hiring website.

Cisco Talos

A website pretending to help find jobs for US military veterans was found to be infecting their computers with malware, Cisco's Talos Security Intelligence and Research Group said Tuesday. The website was called hiremilitaryheroes.com, a Talos blog post said, and asked users to download a fake installer app that deployed malware and malicious spying tools.

The system info retrieved by the attacker includes hardware, firmware versions, patch level, number of processors, network configuration, domain controller, screen size and admin name.

"This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks," Cisco Talos said, adding it has the potential of affecting a lot of people.

"Americans are quick to give back and support the veteran population ... this website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans."

Cisco and Symantec say the threat actor is Tortoiseshell, which was also found to be behind an IT provider attack in Saudi Arabia.

The malicious website remains online and has been up and running since the end of July or the beginning of August, Cisco told CNET in an email Wednesday. Cisco Talos said it's impossible to tell if anyone has fallen victim to the site. 

Originally published Sept. 24, 3:07 p.m. PT.
Updates, 4:19 p.m.: Adds more info; Sept. 25: Includes more info from Cisco.
