This website collects cookies to deliver better user experience. Cookie Policy
Accept
Sign In
The Wall Street Publication
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Reading: Ransomware Gang Poses as Real Company to Recruit Tech Talent
Share
The Wall Street PublicationThe Wall Street Publication
Font ResizerAa
Search
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Have an existing account? Sign In
Follow US
© 2024 The Wall Street Publication. All Rights Reserved.
The Wall Street Publication > Blog > Tech > Ransomware Gang Poses as Real Company to Recruit Tech Talent
Tech

Ransomware Gang Poses as Real Company to Recruit Tech Talent

Editorial Board Published October 21, 2021
Share
Ransomware Gang Poses as Real Company to Recruit Tech Talent
SHARE

A criminal organization believed to have built the software that shut down a U.S. fuel pipeline has set up a fake company to recruit potential employees, according to researchers at the intelligence firm Recorded Future and Microsoft Corp. MSFT 1.09%

The fake company is using the name Bastion Secure, according to the researchers. On a professional-looking website, the company says it sells cybersecurity services. But the site’s operator is a well-known hacking group called Fin7, Recorded Future and Microsoft say.

Fin7 is believed to have hacked hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S., federal prosecutors and researchers say.

The Bastion Secure website, which uses the logo BS, has listed jobs that are technical in nature and appear similar to work that would be performed at any security company—programmers, system administrators and people who are good at finding bugs in software. Prospective hires will work nine-hour days on a predictable schedule: Monday to Friday, according to the company website. Lunch breaks are provided, the site says.

The attempt to impersonate a legitimate company for recruiting purposes represents a new development by purveyors of ransomware to grow and spread a scourge that has disrupted meat production, hospital care, education and hundreds of businesses. With hundreds of millions of dollars in illegal earnings, ransomware operators are increasingly operating like criminal startups with professionalized support staff, software development, cloud-computing services and media relations, security researchers say.

SHARE YOUR THOUGHTS

How do you think cyberattacks will continue to change the landscape of national security? Join the conversation below.

Recorded Future shared its findings with The Wall Street Journal and planned to publish them in a blog post Thursday. Microsoft officials gave a presentation on their discovery earlier this month at a conference hosted by the cybersecurity firm Mandiant.

Emails to an address listed on the Bastion Secure website went unanswered. A phone call to an Israeli number listed on the site was answered by a Russian-speaking man. “I’m just a person. I have nothing to do with any cybersecurity company,” he said before hanging up.

The recruiting effort appears concentrated on Russian speakers, the researchers said. While criminals have traditionally operated in the shadows—recruiting partners in criminal forums—the demands of Fin7’s growing business appear to have pushed it to recruit in the open, security researchers say.

“You can find more qualified people when you search more broadly,” said Andrei Barysevich, the head of Gemini Advisory, a division of Recorded Future. “There’s a lot of embedded law-enforcement agents on the dark web.”

Information-technology jobs advertised by Bastion Secure offer salaries between $800 and $1,200 a month. That is decent pay in former Soviet countries such as Ukraine, but “a small fraction of a cybercriminal’s portion of the criminal profits from a successful ransomware extortion or large-scale payment-card-stealing operation,” according to the Recorded Future report.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann

Fin7 has hacked thousands of computer systems and for years focused on stealing and selling credit-card information. The 70-person group caused more than $3 billion in damages to companies and individuals, federal prosecutors say.

The group has recently shifted from stealing card information to ransomware, and it now manages a ransomware service and conducts intrusions to deploy the file-encrypting software, said Nick Carr, a security analyst at Microsoft, while speaking at the Mandiant conference.

Microsoft believes Fin7 produced the software used in the hack that disrupted Colonial Pipeline Co.’s operations in the spring. The actual hack is believed to have been carried out by a criminal affiliate of Fin7, Mr. Carr said in his presentation. Fin7 marketed its ransomware business under the name DarkSide, but more recently has called it BlackMatter, researchers say.

On Monday, three federal agencies—the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency—published an alert, explaining how companies can protect themselves from BlackMatter and warning that in recent months, the ransomware “has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations.”

Bastion Secure isn’t the first fake company Fin7 has used to recruit employees. In August 2015 it used another fake cybersecurity company called Combi Security to recruit a Ukrainian man named Fedir Hladyr as a systems administrator, according to federal prosecutors.

Mr. Hladyr didn’t realize that he was engaged in a criminal enterprise until many months after his hiring, according to his attorney, Arkady Bukh. He said Fin7 had compartmentalized its business to keep its different employees ignorant of the group’s criminal activity. “At some stage, some would figure it out,” the attorney said. “Sometimes not.”

Mr. Hladyr maintained Fin7’s communications servers as well as a world-wide network of servers used to launch and manage cyberattacks, according to federal prosecutors. After pleading guilty to hacking charges, he was sentenced to 10 years in prison in April.

With Bastion Secure, the company made offers to prospective recruits, the researchers say. The Microsoft researchers were able to find a copy of an employment agreement from Bastion Secure sent to a potential employee. “If you actually work there, you’re not supposed to talk about it at speeches or media events,” Mr. Carr said.

It didn’t take long for one potential recruit—applying for an information-technology job—to spot red flags, said Mr. Barysevich, the researcher at Recorded Future whose firm said it spoke with the potential recruit. The first warning sign was that nobody with the company would meet face-to-face or talk via a voice call, the recruit told Mr. Barysevich. Instead, they would communicate only via the encrypted messaging software Telegram or Tox, according to Recorded Future.

Later, the recruit was sent software that Bastion Secure told him he would be using on the job, Mr. Barysevich said. He was asked to connect to what was described as a “client” network and collect information, but not told why or how it would be used. The software tools he was given were in fact hacking tools that a Recorded Future analysis linked to Fin7, Mr. Barysevich said.

Much of the text on the Bastion Secure website appears to have been lifted word-for-word from a legitimate U.K.-based cybersecurity company, Convergent Network Solutions Ltd, researchers say. A spokesman for Convergent said the company is treating the Bastion Secure site as a “malicious website” and is taking steps to get it removed, he said.

The website includes a quote that claims to be from Tom Deevy, described as a managing director of Bastion Secure. The Mr. Deevy quoted on the site couldn’t be reached for comment. Another man named Tom Deevy is a managing director of a company called Bastion Security Products Ltd., a builder of panic rooms and other armored enclosures.

“It’s completely fake,” Mr. Deevy said of the quote. “We’ve never even dealt in the cybersecurity world.”

Mr. Deevy added that a Gateshead, U.K., address listed by Bastion Secure as its U.K. business location was formerly occupied by his company. “That’s an address that we held seven years ago,” he said.

—Valentina Ochirova contributed to this article.

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

TAGGED:Tech NewsWall Street Publication
Share This Article
Twitter Email Copy Link Print
Previous Article Chinese Developer Defaults Pile Up as Evergrande Contagion Spreads Chinese Developer Defaults Pile Up as Evergrande Contagion Spreads
Next Article China wipes Celtics games from internet after Kanter calls Xi Jinping a ‘dictator’ China wipes Celtics games from internet after Kanter calls Xi Jinping a ‘dictator’

Editor's Pick

Kirill Dmitriev’s Vision: The Russia-Alaska Tunnel as a Geostrategic Imperative

Kirill Dmitriev’s Vision: The Russia-Alaska Tunnel as a Geostrategic Imperative

Executive Summary: A Strategic Announcement In a landmark social media post dated October 16, Kirill Dmitriev, Chief Executive Officer of…

By Editorial Board 6 Min Read
Ottawa’s culinary neighborhood mourns younger Inuk chef killed in stabbing
Ottawa’s culinary neighborhood mourns younger Inuk chef killed in stabbing

The final time Patrick Garland noticed Joshua Qiyuk, the younger chef was…

3 Min Read
The 2025 Denim Playbook: The Finest Denims and Manufacturers for Each Type | Fashion
The 2025 Denim Playbook: The Finest Denims and Manufacturers for Each Type | Fashion

We independently consider all advisable services. Any services or products put ahead…

6 Min Read

Oponion

Twitter Whistleblower Testifies in Congress Ahead of Shareholder Vote on Musk’s Bid

Twitter Whistleblower Testifies in Congress Ahead of Shareholder Vote on Musk’s Bid

This copy is for your personal, non-commercial use only. Distribution…

September 13, 2022

Expensive Abby: Their recreation with their canine is threatening our friendship

DEAR ABBY: I've recognized my finest…

February 7, 2025

Health Experts Urge Patience on Wider Use of Covid-19 Booster Shots

WASHINGTON—Top U.S. health officials urged patience…

September 19, 2021

You Don’t Want an iPad, however Do You Need One? Then These Prime Day Apple Offers Are for You

If in case you have one…

July 9, 2025

Supply-Chain Snarls Leave Southern California Swamped in Empty Shipping Containers

The biggest export out of Southern…

November 26, 2021

You Might Also Like

All-Clad Cookware Is Costly, however This Restricted-Time Sale Makes It Approach Extra Reasonably priced
Tech

All-Clad Cookware Is Costly, however This Restricted-Time Sale Makes It Approach Extra Reasonably priced

All-Clad offers are arduous to search out, however the cookware lasts for years and years. Utilizing dangerous cookware could make…

8 Min Read
This Fuel Pizza Oven Was My Favourite of the Summer season. It’s Half Off Immediately
Tech

This Fuel Pizza Oven Was My Favourite of the Summer season. It’s Half Off Immediately

Cookware model All-Clad stunned me this yr. This summer season, it breezed into the yard pizza world with a debut…

2 Min Read
Sennheiser’s Superior Wi-fi Earbuds Are Virtually Half Off
Tech

Sennheiser’s Superior Wi-fi Earbuds Are Virtually Half Off

Seeking to rating virtually 50 % off on a pair of high-end true wi-fi earbuds? Amazon at the moment has…

3 Min Read
These Are The Greatest Bookshelf Audio system for Your Residing Room or Desk
Tech

These Are The Greatest Bookshelf Audio system for Your Residing Room or Desk

Different Good Audio system We ExaminedWe take a look at loads of audio system, and never all of them make…

3 Min Read
The Wall Street Publication

About Us

The Wall Street Publication, a distinguished part of the Enspirers News Group, stands as a beacon of excellence in journalism. Committed to delivering unfiltered global news, we pride ourselves on our trusted coverage of Politics, Business, Technology, and more.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • WP Creative Group
  • Accessibility Statement

Contact

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 The Wall Street Publication. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?