Top
image credit: Talos

Fake veteran hiring site downloads spyware instead of jobs

September 25, 2019

A “threat group” previously identified as being behind a set of attacks on IT providers in Saudi Arabia has now been spotted targeting US military veterans and companies with a malicious web page that purports to be an employment site. According to a report posted today by Cisco Talos researchers Warren Mercer, Paul Rascagneres, and Jungsoo An, the site offers a free desktop client—which is in fact a spyware installer.

Symantec identified the group in a threat intelligence post earlier this month. Called Tortoiseshell, the group has been connected with attacks on 11 companies, the majority of which are located in Saudi Arabia.

Read More on ArsTechnica