Veterans Targeted by Hackers Through Fake Military Heroes Hiring Website

A hacking group has targeted U.S. veterans through a fake hiring website hosting malware, according to research published Tuesday.

The hacking unit, known as Tortoiseshell, created the Hire Military Heroes website. The site encourages users to download an app that exposes computers to "spying tools" and other malware, cybersecurity research group Cisco Talos has reported.

Researchers also noted that the link to the hacking group's fake veteran hiring website,, is similar to the web address of the Hiring Our Heroes initiative run by the U.S. Chamber of Commerce Foundation, which can be found at

The Chamber of Commerce Foundation's legitimate scheme assists serving and ex-military personnel prepare for work and find jobs when they return to life as a civilian.

Newsweek has contacted the Chamber of Commerce Foundation for comment on the fake website, which appears to be an attempt to misdirect people seeking its Hiring Our Heroes scheme, but has not yet received a response.

Hire Military Heroes malware website
The homepage of the fake Hire Military Heroes website set up by the hacking group Tortoiseshell. Wayback Machine

Cisco Talos researchers Warren Mercer and Paul Rascagneres, assisted by Jungsoo An, said the Hire Military Heroes attack website had "potential to allow a large swath of people to become victims" as sympathy for veterans could see the malware host spread on social media platforms.

But they added: "At the time of publication, we do not have a method of distribution used, nor do we have proof of this existing in the wild."

The Tortoiseshell hacking group reportedly behind the website has previously targeted Saudi Arabian IT providers, according to cybersecurity firm Symantec, which added in a September blog that it had "no evidence" linking the group to any state actor.

Tortoiseshell's website contains three download links for an app under the tagline: "We make America safer". Cisco Talos has described the app as a "fake installer" that stops if it cannot reach Google.

If it does reach Google, the malicious software triggers two downloads, one of which is a tool that can collect information on the victim's computer. Technical information collected by the software reportedly includes details of the targeted machine's hardware, firmware, drivers and other specifications.

Cisco Talos said the information collected by the attacker would equip them for further attacks. The research group also said Tortoiseshell's tactics and techniques were similar to those used in its attack on Saudi IT providers.

A September 12 snapshot of the fake Hire Military Heroes website (pictured) is still available on the web archive Wayback Machine.