American military veterans on the hunt for a new job are the latest group to be targeted by bold new threat group Tortoiseshell.
The group, which was discovered earlier this month by researchers at Symantec, has been active since July 2018, primarily targeting IT providers in Saudi Arabia with a mix of customized and “common or garden” malware.
New intelligence published yesterday by Cisco Talos reveals that Tortoiseshell has refocused its criminal campaign to strike at targets in the United States. Talos discovered that team Tortoiseshell was behind a malicious website that has been cleverly crafted to resemble a legitimate recruitment site for US military veterans.
Users of the site hxxp://hiremilitaryheroes[.]com were prompted to download an app that in reality was a malware downloader that deployed malware and spyware.
Warren Mercer, technical leader at Cisco Talos, told Infosecurity Magazine that the nature of the attack indicated that Tortoiseshell was hoping to ensnare active military personnel in addition to former servicemen.
“As it seems they were targeting HR/recruitment efforts, it’s possible they hoped to attack current military servicemen as well as current veterans.”