This website collects cookies to deliver better user experience. Cookie Policy
Accept
Sign In
The Wall Street Publication
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Reading: Ransomware Gang Poses as Real Company to Recruit Tech Talent
Share
The Wall Street PublicationThe Wall Street Publication
Font ResizerAa
Search
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Have an existing account? Sign In
Follow US
© 2024 The Wall Street Publication. All Rights Reserved.
The Wall Street Publication > Blog > Tech > Ransomware Gang Poses as Real Company to Recruit Tech Talent
Tech

Ransomware Gang Poses as Real Company to Recruit Tech Talent

Editorial Board Published October 21, 2021
Share
Ransomware Gang Poses as Real Company to Recruit Tech Talent
SHARE

A criminal organization believed to have built the software that shut down a U.S. fuel pipeline has set up a fake company to recruit potential employees, according to researchers at the intelligence firm Recorded Future and Microsoft Corp. MSFT 1.09%

The fake company is using the name Bastion Secure, according to the researchers. On a professional-looking website, the company says it sells cybersecurity services. But the site’s operator is a well-known hacking group called Fin7, Recorded Future and Microsoft say.

Fin7 is believed to have hacked hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S., federal prosecutors and researchers say.

The Bastion Secure website, which uses the logo BS, has listed jobs that are technical in nature and appear similar to work that would be performed at any security company—programmers, system administrators and people who are good at finding bugs in software. Prospective hires will work nine-hour days on a predictable schedule: Monday to Friday, according to the company website. Lunch breaks are provided, the site says.

The attempt to impersonate a legitimate company for recruiting purposes represents a new development by purveyors of ransomware to grow and spread a scourge that has disrupted meat production, hospital care, education and hundreds of businesses. With hundreds of millions of dollars in illegal earnings, ransomware operators are increasingly operating like criminal startups with professionalized support staff, software development, cloud-computing services and media relations, security researchers say.

SHARE YOUR THOUGHTS

How do you think cyberattacks will continue to change the landscape of national security? Join the conversation below.

Recorded Future shared its findings with The Wall Street Journal and planned to publish them in a blog post Thursday. Microsoft officials gave a presentation on their discovery earlier this month at a conference hosted by the cybersecurity firm Mandiant.

Emails to an address listed on the Bastion Secure website went unanswered. A phone call to an Israeli number listed on the site was answered by a Russian-speaking man. “I’m just a person. I have nothing to do with any cybersecurity company,” he said before hanging up.

The recruiting effort appears concentrated on Russian speakers, the researchers said. While criminals have traditionally operated in the shadows—recruiting partners in criminal forums—the demands of Fin7’s growing business appear to have pushed it to recruit in the open, security researchers say.

“You can find more qualified people when you search more broadly,” said Andrei Barysevich, the head of Gemini Advisory, a division of Recorded Future. “There’s a lot of embedded law-enforcement agents on the dark web.”

Information-technology jobs advertised by Bastion Secure offer salaries between $800 and $1,200 a month. That is decent pay in former Soviet countries such as Ukraine, but “a small fraction of a cybercriminal’s portion of the criminal profits from a successful ransomware extortion or large-scale payment-card-stealing operation,” according to the Recorded Future report.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann

Fin7 has hacked thousands of computer systems and for years focused on stealing and selling credit-card information. The 70-person group caused more than $3 billion in damages to companies and individuals, federal prosecutors say.

The group has recently shifted from stealing card information to ransomware, and it now manages a ransomware service and conducts intrusions to deploy the file-encrypting software, said Nick Carr, a security analyst at Microsoft, while speaking at the Mandiant conference.

Microsoft believes Fin7 produced the software used in the hack that disrupted Colonial Pipeline Co.’s operations in the spring. The actual hack is believed to have been carried out by a criminal affiliate of Fin7, Mr. Carr said in his presentation. Fin7 marketed its ransomware business under the name DarkSide, but more recently has called it BlackMatter, researchers say.

On Monday, three federal agencies—the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency—published an alert, explaining how companies can protect themselves from BlackMatter and warning that in recent months, the ransomware “has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations.”

Bastion Secure isn’t the first fake company Fin7 has used to recruit employees. In August 2015 it used another fake cybersecurity company called Combi Security to recruit a Ukrainian man named Fedir Hladyr as a systems administrator, according to federal prosecutors.

Mr. Hladyr didn’t realize that he was engaged in a criminal enterprise until many months after his hiring, according to his attorney, Arkady Bukh. He said Fin7 had compartmentalized its business to keep its different employees ignorant of the group’s criminal activity. “At some stage, some would figure it out,” the attorney said. “Sometimes not.”

Mr. Hladyr maintained Fin7’s communications servers as well as a world-wide network of servers used to launch and manage cyberattacks, according to federal prosecutors. After pleading guilty to hacking charges, he was sentenced to 10 years in prison in April.

With Bastion Secure, the company made offers to prospective recruits, the researchers say. The Microsoft researchers were able to find a copy of an employment agreement from Bastion Secure sent to a potential employee. “If you actually work there, you’re not supposed to talk about it at speeches or media events,” Mr. Carr said.

It didn’t take long for one potential recruit—applying for an information-technology job—to spot red flags, said Mr. Barysevich, the researcher at Recorded Future whose firm said it spoke with the potential recruit. The first warning sign was that nobody with the company would meet face-to-face or talk via a voice call, the recruit told Mr. Barysevich. Instead, they would communicate only via the encrypted messaging software Telegram or Tox, according to Recorded Future.

Later, the recruit was sent software that Bastion Secure told him he would be using on the job, Mr. Barysevich said. He was asked to connect to what was described as a “client” network and collect information, but not told why or how it would be used. The software tools he was given were in fact hacking tools that a Recorded Future analysis linked to Fin7, Mr. Barysevich said.

Much of the text on the Bastion Secure website appears to have been lifted word-for-word from a legitimate U.K.-based cybersecurity company, Convergent Network Solutions Ltd, researchers say. A spokesman for Convergent said the company is treating the Bastion Secure site as a “malicious website” and is taking steps to get it removed, he said.

The website includes a quote that claims to be from Tom Deevy, described as a managing director of Bastion Secure. The Mr. Deevy quoted on the site couldn’t be reached for comment. Another man named Tom Deevy is a managing director of a company called Bastion Security Products Ltd., a builder of panic rooms and other armored enclosures.

“It’s completely fake,” Mr. Deevy said of the quote. “We’ve never even dealt in the cybersecurity world.”

Mr. Deevy added that a Gateshead, U.K., address listed by Bastion Secure as its U.K. business location was formerly occupied by his company. “That’s an address that we held seven years ago,” he said.

—Valentina Ochirova contributed to this article.

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

TAGGED:Tech NewsWall Street Publication
Share This Article
Twitter Email Copy Link Print
Previous Article Chinese Developer Defaults Pile Up as Evergrande Contagion Spreads Chinese Developer Defaults Pile Up as Evergrande Contagion Spreads
Next Article China wipes Celtics games from internet after Kanter calls Xi Jinping a ‘dictator’ China wipes Celtics games from internet after Kanter calls Xi Jinping a ‘dictator’

Editor's Pick

Alyssa Farah Griffin: ‘The View’ Co-Host is Pregnant With Child #1!

Alyssa Farah Griffin: ‘The View’ Co-Host is Pregnant With Child #1!

Studying Time: 3 minutes The View co-host Alyssa Farah Griffin is pregnant! On ‘The View,’ Alyssa Farah Griffin breaks the…

By Editorial Board 3 Min Read
Melissa Rycroft Admits to Actually “Struggling” in Wake of DUI Arrest
Melissa Rycroft Admits to Actually “Struggling” in Wake of DUI Arrest

Studying Time: 3 minutes Melissa Rycroft is in a darkish place proper…

4 Min Read
Man fatally shot throughout argument over lady at gathering at Tuscaloosa storage unit; suspect jailed
Man fatally shot throughout argument over lady at gathering at Tuscaloosa storage unit; suspect jailed

One individual was killed and a number of other others injured in…

2 Min Read

Oponion

Boat carrying 6 individuals goes lacking whereas crabbing in Sonoma

Boat carrying 6 individuals goes lacking whereas crabbing in Sonoma

Authorities are trying to find survivors after a ship with…

November 4, 2024

DoorDash to Buy Finland Food-Delivery Startup Wolt

DoorDash Inc. said it has agreed…

November 9, 2021

Put together for robust thunderstorms in Clarke County Friday night – winds gusting as much as 40 mph

A report from the Nationwide Climate…

June 21, 2025

Horoscopes Sept. 16, 2025: Amy Poehler, oppportunity knocks; greet it with gratitude

CELEBRITIES BORN ON THIS DAY: Nick…

September 16, 2025

Sony’s Expanded PlayStation Plus Subscription Aims to Take on Xbox Game Pass

Sony Group Corp.’s videogame unit is…

March 29, 2022

You Might Also Like

These Steelseries Earbuds Have Barely Been Out of My Head in Months—and They’re on Sale
Tech

These Steelseries Earbuds Have Barely Been Out of My Head in Months—and They’re on Sale

Searching for an excellent low cost on a novel gaming headset? I have been utilizing the SteelSeries Arctis GameBuds (9/10,…

3 Min Read
The Finest Pet Hair Vacuums for Managing Canine and Cat Hair
Tech

The Finest Pet Hair Vacuums for Managing Canine and Cat Hair

Examine Our PicksOthers Examined{Photograph}: Molly HigginsTineco Go Pet Cordless Vacuum for $219: As once I examined the Tineco Go Mini…

11 Min Read
Enter the Fold With Our Favourite Folding Telephones
Tech

Enter the Fold With Our Favourite Folding Telephones

Different Folding Telephones to ContemplateSamsung Galaxy Z Flip7 {Photograph}: Julian ChokkattuSamsung Galaxy Z Flip7 for $1,100: Samsung's Galaxy Z Flip7…

7 Min Read
Apple Is Having a Banner 12 months—and Has the October Prime Day Offers to Match
Tech

Apple Is Having a Banner 12 months—and Has the October Prime Day Offers to Match

It has been a very good yr for Apple. The skinny, gentle iPhone Air was the largest redesign that the…

6 Min Read
The Wall Street Publication

About Us

The Wall Street Publication, a distinguished part of the Enspirers News Group, stands as a beacon of excellence in journalism. Committed to delivering unfiltered global news, we pride ourselves on our trusted coverage of Politics, Business, Technology, and more.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • WP Creative Group
  • Accessibility Statement

Contact

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 The Wall Street Publication. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?