FIN7, a financially motivated Russian hacking group, is luring unwitting IT specialists into its ransomware activity, security researchers have discovered.
According to researchers at Recorded Future's Gemini Advisory unit, FIN7, known for hacking point-of-sale registers and stealing over $1 billion from millions of credit cards, is currently operating under the guise of Bastion Secure, which claims to offer professional cybersecurity services to public institutions.
The Bastion Secure website looks real. However, according to the research, FIN7 uses real information (phone numbers, office locations, and text taken from real websites) published by existing legitimate cybersecurity companies to create a veil of legitimacy. Bastion's website claims that it won “Best Managed Security Services” at the 2016 SC Magazine Awards, and makes a further claim linking the fake company's consultancy division to 6 Degrees in 2016. Neither is true.
According to an analysis of the fake company's website by Recorded Future, it is mostly copied from the website of the legitimate cybersecurity company Convergent Network Solutions. Researchers said the site is hosted by the Russian domain registrar Beget, which cybercriminals frequently use, and some of the fake company's website submenus return a Russian-language “page not found” error. Researchers say this may indicate that the creator of the site speaks Russian.
At the time of this writing, both Chrome and Safari are blocking access to the “deceptive” site.
Like the website, Bastion Secure's advertised vacancies look convincing enough. The fictitious company is looking for programmers, system administrators, and reverse engineers. The job descriptions are similar to those found at cybersecurity companies.
However, Recorded Future said FIN7 is trying to build “staff” who can perform the tasks necessary to carry out various cybercriminal activities under the guise of Bastion Secure.
“Given the growing interest in FIN7 ransomware, Bastion Secure may be looking specifically for a system administrator because it allows individuals with this skill set,” the researchers found.
The interview process is what alerted the researchers. In the first and second stages, there was no indication that Bastion Secure was hiding cybercriminal activity, but in the third stage (which gave prospective employees “real” assignments) the cover was abandoned.
“It soon became clear that the company was involved in criminal activity,” the researchers said. “The fact that Bastion Secure personnel were particularly interested in file systems and backups indicates that FIN7 was interested in conducting ransomware attacks. [point of sale] Infection.”
One of the Recorded Future researchers, who was offered a position as an IT researcher at Bastion Secure, analyzed the tools provided by the company and found them to be components of the post-exploitation toolkits Carbanak and Tirion (Lizar). Both toolkits have previously been attributed to FIN7 and can be used for both hacking POS systems and deploying ransomware.
“FIN7’s decision to hire IT specialists for criminal activity using fake cybersecurity companies is driven by FIN7’s desire for a relatively cheap and skilled workforce,” said Recorded Future. “Jobs for Bastion Secure IT specialist positions ranged from $800 to $1,200 per month. This is a viable starting salary for this type of position in post-Soviet states. In effect, the fake FIN7 company scheme allows FIN7 operators to have the talent needed to hold a larger share of profits while the group commits criminal activity.”
This is not the first time FIN7 has impersonated a legitimate company. It previously posed as “Combination Security” before unwanted public attention pushed the group to shut down the fake company.
Brett Callow, an Emsisoft ransomware expert and threat analyst, told TechCrunch that FIN7’s decision to impersonate Bastion Secure is likely also an attempt to avoid unnecessary attention from law enforcement agencies.
“It’s not surprising that cybercriminal activity attempts to hire through fake companies. Hiring from the dark web is problematic and risky,” he said. “Ransomware gangs aren’t as welcomed as they used to be in certain cybercrime forums, and applicants could potentially become undercover agents. Standard classified ads can address both issues. However, fake companies can serve other purposes as well, such as money laundering.”
“And employees can certainly be mistaken about the nature of their work. For example, they may not realize that a company doesn’t want to receive penetration tests,” Callow said.
Source: FIN7 hackers set up a fake company to recruit for cyberattacks – TechCrunch