Iran’s government-backed hackers are trying to infect US military veterans with malware with the help of a malicious website, researchers from security firm Cisco Talos reported on Tuesday. The website, located at hiremilitaryheroes[.]com (pictured above), offers a fake desktop app for download, in the hopes that US military veterans would download and install it, presumably to gain access to job offerings. But Cisco Talos researchers say the app only installs malware on users’ systems and shows an error message, indicating that the installation failed.
When encountering a story like this, the first question CISOs and security teams ask is "are we affected?" Answering this question becomes easier when organizations generate transaction logs for network traffic using solutions like Corelight. By checking connection, DNS, and possibly HTTP logs, security teams can determine whether any monitored device tried to access "hiremilitaryheroes[.]com" and whether it successfully interacted with the site. Using these investigative leads, analysts can then concentrate on the devices and accounts of interest to begin incident response.
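As an added illustration of that triage step (example code written for this article, not Corelight's or Talos's tooling), the script below walks Zeek-format JSON `dns`, `http` and `conn` logs, refangs the indicator from the report, and answers both questions separately: which internal hosts looked up or requested the domain, and which of them actually completed a connection to it. The log lines embedded in it are constructed sample data; the field names (`id.orig_h`, `id.resp_h`, `query`, `answers`, `host`, `conn_state`) are the standard Zeek ones, and the resolved IP addresses and URI path are invented for the example.

```python
import json
from collections import defaultdict

INDICATOR = "hiremilitaryheroes[.]com"  # domain named in the Talos report, defanged

# Zeek conn_state values meaning the TCP handshake completed, i.e. the client
# really exchanged data with the server. S0, REJ, RSTOS0 etc. mean it did not.
ESTABLISHED_STATES = {"SF", "S1", "S2", "S3", "RSTO", "RSTR"}

# Constructed sample Corelight/Zeek JSON log lines (one record per line).
# 10.1.2.3 resolved the domain, fetched a file over HTTP, then tried TLS (S0).
# 10.1.2.20 only resolved the domain and never got a connection up.
# 10.1.2.9 is benign noise and must not appear in the result.
SAMPLE_LOGS = {
    "dns": [
        '{"ts":1569340000.1,"uid":"CdnsA1","id.orig_h":"10.1.2.3","id.resp_h":"10.1.0.53",'
        '"query":"hiremilitaryheroes.com","answers":["203.0.113.10"]}',
        '{"ts":1569340001.2,"uid":"CdnsA2","id.orig_h":"10.1.2.9","id.resp_h":"10.1.0.53",'
        '"query":"example.org","answers":["198.51.100.7"]}',
        '{"ts":1569340005.0,"uid":"CdnsA3","id.orig_h":"10.1.2.20","id.resp_h":"10.1.0.53",'
        '"query":"www.hiremilitaryheroes.com","answers":["203.0.113.10"]}',
    ],
    "http": [
        '{"ts":1569340002.5,"uid":"ChttpB1","id.orig_h":"10.1.2.3","id.resp_h":"203.0.113.10",'
        '"method":"GET","host":"hiremilitaryheroes.com","uri":"/download/app.exe",'
        '"status_code":200,"resp_mime_types":["application/x-dosexec"]}',
    ],
    "conn": [
        '{"ts":1569340002.4,"uid":"ChttpB1","id.orig_h":"10.1.2.3","id.resp_h":"203.0.113.10",'
        '"id.resp_p":80,"conn_state":"SF","resp_bytes":50000}',
        '{"ts":1569340010.0,"uid":"CconnC2","id.orig_h":"10.1.2.3","id.resp_h":"203.0.113.10",'
        '"id.resp_p":443,"conn_state":"S0","resp_bytes":0}',
        '{"ts":1569340006.0,"uid":"CconnC3","id.orig_h":"10.1.2.20","id.resp_h":"203.0.113.10",'
        '"id.resp_p":443,"conn_state":"S0","resp_bytes":0}',
        '{"ts":1569340011.0,"uid":"CconnC4","id.orig_h":"10.1.2.9","id.resp_h":"198.51.100.7",'
        '"id.resp_p":443,"conn_state":"SF","resp_bytes":1200}',
    ],
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator like foo[.]com back into a matchable hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")


def matches_domain(name: str, domain: str) -> bool:
    """True for the domain itself and any subdomain of it (www., cdn., ...)."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def triage(logs: dict, indicator: str = INDICATOR) -> dict:
    """Return {client_ip: evidence} for every monitored host tied to the indicator.

    'established' is True only if the host completed a TCP session with an
    address the domain resolved to, or issued an HTTP request for it; a DNS
    lookup alone, or a SYN with no reply, leaves it False.
    """
    domain = refang(indicator)
    hits = defaultdict(lambda: {"dns_queries": 0, "http_requests": [],
                                "connections": [], "established": False})
    resolved_ips = set()  # addresses the domain resolved to, used to join conn.log

    for line in logs.get("dns", []):
        rec = json.loads(line)
        if matches_domain(rec.get("query", ""), domain):
            hits[rec["id.orig_h"]]["dns_queries"] += 1
            # answers may also hold CNAME names; those simply never match an IP
            resolved_ips.update(rec.get("answers", []))

    for line in logs.get("http", []):
        rec = json.loads(line)
        if matches_domain(rec.get("host", ""), domain):
            h = hits[rec["id.orig_h"]]
            h["http_requests"].append(
                (rec.get("method", "GET"), rec.get("uri", "/"), rec.get("status_code")))
            h["established"] = True  # an HTTP request on the wire implies a full session
            resolved_ips.add(rec["id.resp_h"])

    for line in logs.get("conn", []):
        rec = json.loads(line)
        if rec.get("id.resp_h") in resolved_ips:
            h = hits[rec["id.orig_h"]]
            h["connections"].append((rec["uid"], rec.get("id.resp_p"), rec.get("conn_state")))
            if rec.get("conn_state") in ESTABLISHED_STATES:
                h["established"] = True

    return dict(hits)


if __name__ == "__main__":
    for client, evidence in sorted(triage(SAMPLE_LOGS).items()):
        print(client, "contacted site:" if evidence["established"] else "attempted only:", evidence)
```

Against the sample data this reports 10.1.2.3 as a host that both resolved the domain and pulled an executable from it (an immediate incident-response lead), and 10.1.2.20 as a host that resolved it but never completed a connection (worth a look, lower priority). Keying the conn.log join on the addresses seen in DNS answers rather than on a fixed IP list keeps the check valid if the site moves hosting.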