A financially motivated Russian hacking group, FIN7, has set up a fake company to trick IT specialists into unwittingly helping it expand further into ransomware, security researchers have discovered. According to researchers in Recorded Future’s Gemini Advisory Unit, FIN7, known for hacking into point-of-sale registers and stealing more than $1 billion from millions of credit cards, is now disguised as Bastion Secure, a purported public sector cybersecurity service.
Recorded Future’s analysis of the fake company’s website revealed that most of it was copied from the website of Convergent Network Solutions, a reputable cybersecurity company. According to the researchers, the website is hosted by Beget, a Russian domain registrar often used by cybercriminals, and part of the fake company’s website submenu returns a Russian-language “page is not found” error, pointing to a Russian-speaking origin for the site.
Bastion Secure’s website looks authentic. However, the investigation found that FIN7 used real, publicly available information from existing legitimate cybersecurity companies (phone numbers, office locations, text taken from their actual websites) to create a veil of legitimacy. Bastion’s website claims the company won “Best Managed Security Service” at the 2016 SC Magazine Awards and that its consulting arm was acquired by Six Degrees in 2016. Neither is true.
At the time of this writing, both Chrome and Safari block access to the “fraudulent” website. As with the website, the jobs advertised by Bastion Secure also look fairly legitimate. The fictional company is looking for programmers, system administrators, and reverse engineers, and the job descriptions are similar to those found at real cybersecurity firms. However, according to Recorded Future, under the guise of Bastion Secure, FIN7 is trying to build a “staff” that can perform the tasks necessary to carry out various cybercriminal operations.
“The fact that Bastion Secure personnel were particularly interested in file systems and backups indicates that FIN7 was more interested in conducting ransomware attacks than [POS] infections.” One of Recorded Future’s researchers, who was offered a position as an IT researcher at Bastion Secure, analyzed the tools provided by the company and found that they were part of the Carbanak and Tirion (Lizar) post-exploitation toolkits. Both toolkits, previously attributed to FIN7, can be used to hack POS systems and deliver ransomware.
“Bastion Secure may be looking specifically for system administrators, as those with such skills can do it,” said the researchers. The interview process also set off alarm bells for the researchers. While Stages 1 and 2 showed no indication that Bastion Secure was covering up cybercriminal activity, Stage 3, which puts potential employees on “real” assignments, revealed it. “It quickly became clear that the company was involved in criminal activity,” the researchers said.