"Hacking Gang Creates Fake Firm to Hire Pentesters for Ransomware Attacks"

The FIN7 hacking group, also known as Carbanak, is now creating fake cybersecurity companies that perform network attacks under the guise of penetration testing. FIN7 has been involved in cyberattacks and campaigns aimed at stealing money since 2015, when the group first emerged, infecting ATMs with man-in-the-middle (MITM) attack-enabling malware. Researchers at Gemini Advisory uncovered the fake cybersecurity firm called Bastion Secure, set up by FIN7. According to the researchers, the website created for the fake corporate entity contained stolen and recompiled content from other websites. Bastian Secure's website claims that the company is based out of England, but the researchers observed the site serving 404 error pages in the Russian language. The website's 'About' page also states that the company is a spin-off of the legitimate cybersecurity firm Convergent Network Solutions Ltd. FIN7 was found offering between $800 and $1,200 per month to recruit C++, PHP, and Python programmers as well as Windows system administrators and reverse engineering specialists. The researchers believe the hacking group also wanted to hire system administrators because they would be able to map compromised corporate systems, conduct network reconnaissance, and locate backup servers and files, all of which are skills required for the pre-encryption stages of ransomware attacks. This article continues to discuss the evidence that suggests FIN7 was behind the creation of the fake Bastion Secure cybersecurity firm. 

Bleeping Computer reports "Hacking Gang Creates Fake Firm to Hire Pentesters for Ransomware Attacks"