Charleston MOAA Chapter

WARNING: Hackers target job-hunting service members, veterans with sham employment website
Posted on: 10/11/19


The bogus website prompted users to download an app containing malware that would allow the attacker to access a "significant amount of information," according to Cisco Talos.

  Veterans hunting for jobs may have thought “Hire Military Heroes” was just another jobs website that would help them find employment.

But in reality, the site prompted users to download an app containing malware that would allow the attacker to access a plethora of information, according to cybersecurity researchers at Cisco Talos.

“The attacker retrieves information such as the date, time and drivers. The attacker can then see information on the system, the patch level, the number of processors, the network configuration, the hardware, firmware versions, the domain controller, the name of the admin, the list of the account, etc.,” Cisco Talos said in a blog post in September about the malware.

“This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks,” Cisco Talos added.

The phony site shared a similar URL to the site “Hiring Our Heroes,” an employment site the U.S. Chamber of Commerce Foundation launched.

According to the security intelligence and research group, an actor called Tortoiseshell was responsible for the attack, the same actor Symantec identified as being behind attempts targeting Saudi Arabian IT providers.

Cisco Talos and Symantec have not pointed a finger at Iran, but experts claim it’s likely Iran is the culprit. Multiple media reports also suggest the malign actor has ties to Iran.

For example, the National Guard Bureau issued a memorandum on Oct. 2 to service members instructing them to not visit the phony employment site, Stars and Stripes reported. The memorandum claimed that Iranian hackers were interested in getting into a DOD system.

  “They’re targeting active servicemembers looking for jobs with the promise of offering assistance for civilian employment once their service ends,” the memo said, according to Stars and Stripes. “The hackers are hoping one of their targets would use a DOD system to download and run the malware.”

The National Guard Bureau deferred to the Pentagon for comment when contacted by the Military Times. The Pentagon did not provide comment on the memo or whether DOD systems were compromised.

“As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning,” Elissa Smith, Department of Defense spokeswoman, said in a statement to the Military Times.

Christopher Burgess, who served with the CIA for more than 30 years, believes Iran was behind the attack because of the malware’s history targeting Saudi Arabian IT entities. In a blog post on ClearanceJobs, Burgess said the activity is “consistent with Iranian intelligence efforts given the ongoing Iran-Saudi hostilities.”

“This piece of cyberespionage was designed to compromise the owner’s machine AND allow the complete download of contents, when a [remote access trojan] piece of malware was installed,” Burgess said in an email to the Military Times. “What that permitted is to know everything the user had on their device and how they interacted with other devices. The information could be used to fill out the counterintelligence and operational mosaic of an adversary.”

Burgess also noted Iran already has some information on U.S. service members and their cyber activities, thanks to Monica Witt.

Witt, a former Air Force counterintelligence specialist who defected to Iran in 2013, was charged with espionage on behalf of Iran, according to an indictment that was unsealed in February. The indictment claims that she shared U.S. classified information with an Iranian government official and also compiled research on her former colleagues and coworkers in the U.S. Intelligence Community.

The information was then funneled into “target packages” to help Iran target the former colleagues, the indictment said.

Burgess doesn’t expect that this episode targeting service members and veterans is an isolated incident from Iran.

“They are not slouches when it comes to cyberespionage and they have shown their ability to conduct social engineering operations in the past. I would expect them to do so in the future,” Burgess said.

To avoid being targeted in future attacks, Burgess recommended that veterans and others not download apps to their devices unless they come from a trusted source.

“Do not click on links,” Burgess added. “Never share personal information with sites you have not validated. Your bank will never call, email or SMS for your account data. If something doesn't appear legit, check with the originator.”
