Comments: US Military Veterans Targeted By Iranian State Hackers

By ISBuzz Team, Writer, Information Security Buzz | Sep 26, 2019 06:24 am PST

Iran’s government-backed hackers are trying to infect US military veterans with malware through a malicious website, researchers from security firm Cisco Talos reported on Tuesday. The website, located at hiremilitaryheroes[.]com, offers a fake desktop app for download in the hope that US military veterans will download and install it, presumably to gain access to job offerings. But Cisco Talos researchers say the app only installs malware on users’ systems and shows an error message indicating that the installation failed.

Richard Bejtlich, Principal Security Strategist
September 26, 2019 2:27 pm

When encountering a story like this, the first question CISOs and security teams ask is “are we affected?” Answering this question becomes easier when organizations generate transaction logs for network traffic using solutions like Corelight. By checking connection, DNS, and possibly HTTP logs, security teams can determine if any monitored device tried to access “hiremilitaryheroes[.]com” and if they successfully interacted with it. Using these investigative leads, analysts could then concentrate on devices and accounts of interest to begin incident response processes.

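The log check described in the comment above, sketched as an added example (not code from the article, the commenter or any vendor). It assumes Zeek-style TSV logs with a `#fields` header and a reduced field set; the function names and all sample records are constructed for illustration.

```python
from collections import defaultdict

# Domain from the article, kept defanged in source and refanged at run time.
IOC = "hiremilitaryheroes[.]com".replace("[.]", ".")

# Constructed sample logs in Zeek TSV layout (reduced field set, made-up hosts).
DNS_LOG = "\n".join("\t".join(r) for r in [
    ("#fields", "ts", "id.orig_h", "query", "rcode_name", "answers"),
    ("1569400000.1", "10.0.0.15", "www.example.org", "NOERROR", "192.0.2.10"),
    ("1569400001.2", "10.0.0.23", IOC, "NOERROR", "203.0.113.7"),
    ("1569400002.3", "10.0.0.42", "WWW." + IOC.upper() + ".", "NXDOMAIN", "-"),
    ("1569400003.4", "10.0.0.50", "not" + IOC, "NOERROR", "198.51.100.9"),
])
HTTP_LOG = "\n".join("\t".join(r) for r in [
    ("#fields", "ts", "id.orig_h", "host", "uri", "status_code"),
    ("1569400001.9", "10.0.0.23", IOC, "/", "200"),
    ("1569400005.0", "10.0.0.15", "www.example.org", "/", "200"),
])

def parse_zeek_tsv(text):
    """Yield one dict per record, naming columns from the '#fields' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def matches(name, domain=IOC):
    """True for the domain or any subdomain; ignores case, trailing dot, port."""
    name = name.lower().split(":")[0].rstrip(".")
    return name == domain or name.endswith("." + domain)

def hunt(dns_text, http_text, domain=IOC):
    """Map each internal host to what it did: looked up, resolved, fetched."""
    hosts = defaultdict(lambda: {"dns_queries": 0, "resolved": False, "http_ok": False})
    for r in parse_zeek_tsv(dns_text):
        if matches(r["query"], domain):
            h = hosts[r["id.orig_h"]]
            h["dns_queries"] += 1
            h["resolved"] |= r["rcode_name"] == "NOERROR" and r["answers"] != "-"
    for r in parse_zeek_tsv(http_text):
        if matches(r["host"], domain):
            code = r["status_code"]
            hosts[r["id.orig_h"]]["http_ok"] |= code.isdigit() and 200 <= int(code) < 400
    return dict(hosts)

if __name__ == "__main__":
    for host, seen in sorted(hunt(DNS_LOG, HTTP_LOG).items()):
        print(host, seen)
```

Hosts with `http_ok` set are the ones that successfully interacted with the site and are the first candidates for incident response; hosts with only a DNS query attempted access but may not have reached it.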
