Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks

- FIN7 hacking group created and operated a fake security company called Bastion Secure.
- The group used the company to recruit and trick security researchers into executing ransomware attacks.
- Bastion Secure recruited via job portals for Russian-speaking users.

A cybercrime group known as FIN7 created a fake security firm earlier this year, used it to hire security researchers, and then tricked them into participating in ransomware attacks.

Named Bastion Secure, the company claims to provide penetration testing services for private companies and public sector organizations across the world.

But according to an investigation by Gemini Advisory, a division of Recorded Future, the company is a front for the FIN7 group, which used the Bastion Secure website to post ads on Russian job portals seeking to hire cybersecurity experts for various positions.

Ads on its website show that FIN7 recruited reverse engineers, system administrators, and C++, Python, and PHP programmers.

Those who applied went through a three-phase interviewing process, the Gemini Advisory team said today after one of its partners went through the process in order to study the shady company.

- The first phase included a basic interview process with an HR representative, typically carried out via Telegram. After a successful interview, the job applicants were told to sign a contract with a non-disclosure agreement and configure their computer by installing several virtual machines and opening certain ports.
- Applicants received legitimate penetration testing security tools from the company to conduct a series of test assignments.
- Applicants were brought in to participate in a “real” assignment where they were told to conduct a penetration test against one of Bastion Secure’s customers.

Gemini Advisory said that this last step in the interviewing process did not include any form of legal documents authorizing the penetration tests, as is customary in such cases, or explanation to participants.

Furthermore, Bastion Secure representatives also told applicants to use only specific tools that would not be detected by security software and to specifically look for backups and file storage systems once inside a company’s network.

Tools shared by Bastion Secure with the Gemini partner who participated in the interviewing process were linked to malware strains like Carbanak and Lizar/Tirion, tools that have been historically part of FIN7’s arsenal.

In addition, Gemini Advisory said that tasks and operations assigned to applicants “matched the steps taken to prepare a ransomware attack.”

The attacks installed ransomware such as Ryuk or REvil, two ransomware strains that have been tied in recent years to FIN7 attacks, according to Gemini Advisory. Newer attacks would have deployed the DarkSide and BlackMatter ransomware, according to security researchers from Microsoft, who have also been tracking the fake FIN7 security company.