A “threat group” previously identified as being behind a set of attacks on IT providers in Saudi Arabia has now been spotted targeting US military veterans and companies with a malicious web page that purports to be an employment site. According to a report posted today by Cisco Talos researchers Warren Mercer, Paul Rascagneres, and Jungsoo An, the site offers a free desktop client—which is in fact a spyware installer.
Symantec identified the group in a threat intelligence post earlier this month. Called Tortoiseshell, the group has been connected with attacks on 11 companies, the majority of which are located in Saudi Arabia.