Security News > 2021 > October > Hacking gang creates fake firm to hire pentesters for ransomware attacks
The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting.
Because ransomware has become a profitable field for cybercriminals, and because the group already has experience with fake front companies like "Combi Security", it set up a new firm to lure legitimate IT specialists.
Based on the job requirements, the researchers believe that the hacking group was looking to hire pentesters, as system administrators would also have the ability to map compromised corporate systems, perform network reconnaissance, and locate backup servers and files.
All of these skills are required for the pre-encryption stages of ransomware attacks, so it appears that this is what FIN7 is going after through these hiring rounds.
Another piece of evidence is that the software was purportedly licensed to "CheckPoint Software Inc", the renowned Israeli security firm, which FIN7 has masqueraded as in other recent attacks.
Gemini believes that creating fake cybersecurity firms to conduct attacks is an attempt to hire cheap labor rather than partner with affiliates who demand a much larger 70-80% share of any paid ransoms.