A website pretending to help find jobs for US military veterans was found to be infecting their computers with malware, Cisco's Talos Security Intelligence and Research Group said Tuesday. The website, hiremilitaryheroes.com, asked users to download a fake installer app that deployed malware and malicious spying tools, a Talos blog post said.
The system info retrieved by the attacker includes hardware, firmware versions, patch level, number of processors, network configuration, domain controller, screen size and admin name.
"This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks," Cisco Talos said, adding that it has the potential to affect a lot of people.
"Americans are quick to give back and support the veteran population ... this website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans."
Cisco and Symantec say the threat actor is Tortoiseshell, which was also found to be behind an IT provider attack in Saudi Arabia.
The malicious website remains online and has been up and running since the end of July or the beginning of August, Cisco told CNET in an email Wednesday. Cisco Talos said it's impossible to tell if anyone has fallen victim to the site.
Originally published Sept. 24, 3:07 p.m. PT.
Updates, 4:19 p.m.: Adds more info; Sept. 25: Includes more info from Cisco.