Fake Website Targeting U.S. Military Members Seeking Jobs

Kathy Gurchiek By Kathy Gurchiek September 30, 2019
Fake Website Targeting U.S. Military Members Seeking Jobs

​A group of hackers known as Tortoiseshell recently created a fake hiring site for soon-to-be military veterans that looks "strikingly close to the legitimate service from the U.S. Chamber of Commerce, https://www.hiringourheroes.org," according to Cisco Talos Intelligence Group.

Headquartered in San Jose, Calif., Cisco Talos is a threat detection and protection service for Cisco products.

SHRM Online requested comment, but has not heard from, the U.S. Chamber of Commerce.

Earlier research from Cisco Talos indicates that the same hacker group was behind an attack on an IT provider in Saudi Arabia.

According to ZDNet, a business technology news website, the fake site "prompted users to download an app, which was actually a malware downloader, deploying malicious spying tools and other malware."

The hackers, ZDNet said, appear to target active servicemen and women who are looking for jobs as their military service winds down. The embedded malware "could gather data about the [user's computer] system and potentially give hackers remote access."

SHRM Online has collected the following articles on this topic. 

Veterans Targeted by Hackers Through Fake Military Heroes Hiring Website 

A hacking group has targeted U.S. veterans through a fake hiring website hosting malware, according to research published Tuesday.

The hacking unit, known as Tortoiseshell, created the Hire Military Heroes website. It encourages users to download an app that exposes computers to spying tools and other malware, according to Cisco Talos.

U.S. Military Veterans Targeted by Iranian State Hackers  

Iran's government-backed hackers are trying to infect U.S. military veterans with malware with the help of a malicious website, researchers from Cisco Talos reported Sept. 24.

The website, located at hiremilitaryheroes.com, offers a fake desktop app for U.S. military veterans to download and install. The veterans were led to believe the apps would help them find jobs, but what it actually installed malware on their computers, The malware gathers information about the computer system's technical specs and sends the data to an attacker-controlled Gmail inbox. The malware also installs a remote access trojan.

[SHRM members-only tools and templates: Laptop Security Policy]    

National Cybersecurity Awareness Month 2019

Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.

The NCSAM 2019 Toolkit is a comprehensive guide to make it easy for you and your organization, regardless of size or industry, to engage and promote the core theme and critical messages leading up to and throughout October.
(National Initiative for Cybersecurity Awareness and Studies)  

5 Top Cybersecurity Concerns for HR in 2019 

Security experts say there are a number of data security issues human resource information technology leaders should pay close attention to this year. Here are their tips for minimizing risk.
(SHRM Online)   

Viewpoint: The Loophole That Turns Your Apps into Spies  

Just by downloading an app, you're potentially exposing sensitive data to dozens of technology companies, ad networks, data brokers and aggregators.
(New York Times)




Hire the best HR talent or advance your own career.

Are you a department of one?

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.



HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.