Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks

Security News, October 2021

The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme.
"With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity companies to create a thin veil of legitimacy around Bastion Secure," Recorded Future's Gemini Advisory unit said in a report.
Setting up fake front companies is nothing new for FIN7, which has been previously linked to another sham cybersecurity firm dubbed Combi Security that claimed to offer penetration testing services to customers.
It was in the next stage of the hiring process that Bastion Secure's involvement in criminal activity became evident: the company's representatives provided access to a so-called client company's network and asked prospective candidates to gather information on domain administrators, file systems, and backups, signalling a strong inclination towards conducting ransomware attacks.
By paying "unwitting 'employees' far less than it would have to pay informed criminal accomplices for its ransomware schemes, [...] FIN7's fake company scheme enables the operators of FIN7 to obtain the talent that the group needs to carry out its criminal activities, while simultaneously retaining a larger share of the profits," the researchers added.
"Although cybercriminals looking for unwitting accomplices on legitimate job sites is nothing new, the sheer scale and blatancy with which FIN7 operates continue to surpass the behavior shown by other cybercriminal groups," the researchers said, adding the group is "attempting to obfuscate its true identity as a prolific cybercriminal and ransomware group by creating a fabricated web presence through a largely legitimate-appearing website, professional job postings, and company info pages on Russian-language business development sites."