A state-backed hacking group that was recently spotted going after IT providers in Saudi Arabia and other countries in the Middle East has launched a new campaign targeting United States veterans using a fake employment website called “Hire Military Heroes.”
New research by Cisco shows that the hacking group, known as Tortoiseshell, hosted the malicious website to infect veterans with malware. The website urged visitors to download an app, which delivered a malware downloader. According to Cisco’s Paul Rascagneres, “Tortoiseshell is not well-documented,” but the new study “shows that this actor is offensive for months,” creating fake websites loaded with various malware tools designed to compromise visitors. The attackers “probably use social engineering to send targets on these websites,” Rascagneres believes. Cybersecurity firm CrowdStrike has identified Tortoiseshell, which it refers to as Imperial Kitten, as an Iranian threat actor.