
FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
2021-10-22 19:59

It's not the first time FIN7 has masqueraded as a legitimate security firm, but this latest gambit showcases its continued expansion into the ransomware area, researchers noted.

The report added that with willing accomplices, FIN7 would be forced to share a percentage of ransom payments, but "FIN7's fake company scheme enables the operators of FIN7 to obtain the talent that the group needs to carry out its criminal activities, while simultaneously retaining a larger share of the profits."

"Once the system administrator mapped out the system and identified backups, FIN7 could then escalate to the next step in the malware and ransomware infection process."

FIN7 has gone to great lengths to give its fake company verisimilitude, starting with the name, Bastion Secure, which Gemini pointed out is remarkably close to that of Bastion Security, a real company specializing in physical security.

Masquerading as being involved in legitimate security activities is a bit of a tried-and-true tactic for FIN7.

"Not only is FIN7 looking for unwitting victims on legitimate job sites, but also attempting to obfuscate its true identity as a prolific cybercriminal and ransomware group by creating a fabricated web presence through a largely legitimate-appearing website, professional job postings, and company info pages on Russian-language business development sites," the report recapped.


News URL

https://threatpost.com/fin7-security-pros-ransomware-attacks/175681/