This website collects cookies to deliver better user experience. Cookie Policy
Accept
Sign In
The Wall Street Publication
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Reading: Ransomware Gang Poses as Real Company to Recruit Tech Talent
Share
The Wall Street PublicationThe Wall Street Publication
Font ResizerAa
Search
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Have an existing account? Sign In
Follow US
© 2024 The Wall Street Publication. All Rights Reserved.
The Wall Street Publication > Blog > Tech > Ransomware Gang Poses as Real Company to Recruit Tech Talent
Tech

Ransomware Gang Poses as Real Company to Recruit Tech Talent

Editorial Board Published October 21, 2021
Share
Ransomware Gang Poses as Real Company to Recruit Tech Talent
SHARE

A criminal organization believed to have built the software that shut down a U.S. fuel pipeline has set up a fake company to recruit potential employees, according to researchers at the intelligence firm Recorded Future and Microsoft Corp. MSFT 1.09%

The fake company is using the name Bastion Secure, according to the researchers. On a professional-looking website, the company says it sells cybersecurity services. But the site’s operator is a well-known hacking group called Fin7, Recorded Future and Microsoft say.

Fin7 is believed to have hacked hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S., federal prosecutors and researchers say.

The Bastion Secure website, which uses the logo BS, has listed jobs that are technical in nature and appear similar to work that would be performed at any security company—programmers, system administrators and people who are good at finding bugs in software. Prospective hires will work nine-hour days on a predictable schedule: Monday to Friday, according to the company website. Lunch breaks are provided, the site says.

The attempt to impersonate a legitimate company for recruiting purposes represents a new development by purveyors of ransomware to grow and spread a scourge that has disrupted meat production, hospital care, education and hundreds of businesses. With hundreds of millions of dollars in illegal earnings, ransomware operators are increasingly operating like criminal startups with professionalized support staff, software development, cloud-computing services and media relations, security researchers say.

SHARE YOUR THOUGHTS

How do you think cyberattacks will continue to change the landscape of national security? Join the conversation below.

Recorded Future shared its findings with The Wall Street Journal and planned to publish them in a blog post Thursday. Microsoft officials gave a presentation on their discovery earlier this month at a conference hosted by the cybersecurity firm Mandiant.

Emails to an address listed on the Bastion Secure website went unanswered. A phone call to an Israeli number listed on the site was answered by a Russian-speaking man. “I’m just a person. I have nothing to do with any cybersecurity company,” he said before hanging up.

The recruiting effort appears concentrated on Russian speakers, the researchers said. While criminals have traditionally operated in the shadows—recruiting partners in criminal forums—the demands of Fin7’s growing business appear to have pushed it to recruit in the open, security researchers say.

“You can find more qualified people when you search more broadly,” said Andrei Barysevich, the head of Gemini Advisory, a division of Recorded Future. “There’s a lot of embedded law-enforcement agents on the dark web.”

Information-technology jobs advertised by Bastion Secure offer salaries between $800 and $1,200 a month. That is decent pay in former Soviet countries such as Ukraine, but “a small fraction of a cybercriminal’s portion of the criminal profits from a successful ransomware extortion or large-scale payment-card-stealing operation,” according to the Recorded Future report.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann

Fin7 has hacked thousands of computer systems and for years focused on stealing and selling credit-card information. The 70-person group caused more than $3 billion in damages to companies and individuals, federal prosecutors say.

The group has recently shifted from stealing card information to ransomware, and it now manages a ransomware service and conducts intrusions to deploy the file-encrypting software, said Nick Carr, a security analyst at Microsoft, while speaking at the Mandiant conference.

Microsoft believes Fin7 produced the software used in the hack that disrupted Colonial Pipeline Co.’s operations in the spring. The actual hack is believed to have been carried out by a criminal affiliate of Fin7, Mr. Carr said in his presentation. Fin7 marketed its ransomware business under the name DarkSide, but more recently has called it BlackMatter, researchers say.

On Monday, three federal agencies—the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency—published an alert, explaining how companies can protect themselves from BlackMatter and warning that in recent months, the ransomware “has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations.”

Bastion Secure isn’t the first fake company Fin7 has used to recruit employees. In August 2015 it used another fake cybersecurity company called Combi Security to recruit a Ukrainian man named Fedir Hladyr as a systems administrator, according to federal prosecutors.

Mr. Hladyr didn’t realize that he was engaged in a criminal enterprise until many months after his hiring, according to his attorney, Arkady Bukh. He said Fin7 had compartmentalized its business to keep its different employees ignorant of the group’s criminal activity. “At some stage, some would figure it out,” the attorney said. “Sometimes not.”

Mr. Hladyr maintained Fin7’s communications servers as well as a world-wide network of servers used to launch and manage cyberattacks, according to federal prosecutors. After pleading guilty to hacking charges, he was sentenced to 10 years in prison in April.

With Bastion Secure, the company made offers to prospective recruits, the researchers say. The Microsoft researchers were able to find a copy of an employment agreement from Bastion Secure sent to a potential employee. “If you actually work there, you’re not supposed to talk about it at speeches or media events,” Mr. Carr said.

It didn’t take long for one potential recruit—applying for an information-technology job—to spot red flags, said Mr. Barysevich, the researcher at Recorded Future whose firm said it spoke with the potential recruit. The first warning sign was that nobody with the company would meet face-to-face or talk via a voice call, the recruit told Mr. Barysevich. Instead, they would communicate only via the encrypted messaging software Telegram or Tox, according to Recorded Future.

Later, the recruit was sent software that Bastion Secure told him he would be using on the job, Mr. Barysevich said. He was asked to connect to what was described as a “client” network and collect information, but not told why or how it would be used. The software tools he was given were in fact hacking tools that a Recorded Future analysis linked to Fin7, Mr. Barysevich said.

Much of the text on the Bastion Secure website appears to have been lifted word-for-word from a legitimate U.K.-based cybersecurity company, Convergent Network Solutions Ltd, researchers say. A spokesman for Convergent said the company is treating the Bastion Secure site as a “malicious website” and is taking steps to get it removed, he said.

The website includes a quote that claims to be from Tom Deevy, described as a managing director of Bastion Secure. The Mr. Deevy quoted on the site couldn’t be reached for comment. Another man named Tom Deevy is a managing director of a company called Bastion Security Products Ltd., a builder of panic rooms and other armored enclosures.

“It’s completely fake,” Mr. Deevy said of the quote. “We’ve never even dealt in the cybersecurity world.”

Mr. Deevy added that a Gateshead, U.K., address listed by Bastion Secure as its U.K. business location was formerly occupied by his company. “That’s an address that we held seven years ago,” he said.

—Valentina Ochirova contributed to this article.

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

TAGGED:Tech NewsWall Street Publication
Share This Article
Twitter Email Copy Link Print
Previous Article Chinese Developer Defaults Pile Up as Evergrande Contagion Spreads Chinese Developer Defaults Pile Up as Evergrande Contagion Spreads
Next Article China wipes Celtics games from internet after Kanter calls Xi Jinping a ‘dictator’ China wipes Celtics games from internet after Kanter calls Xi Jinping a ‘dictator’

Editor's Pick

California dwelling of lacking child’s mother and father searched; father has served time for youngster cruelty

California dwelling of lacking child’s mother and father searched; father has served time for youngster cruelty

San Bernardino County sheriff’s investigators on Sunday, Aug. 17, searched the house of the mother and father of the infant…

By Editorial Board 9 Min Read
Farmer Needs a Spouse: John Sansone and Claire Dinette Break up!
Farmer Needs a Spouse: John Sansone and Claire Dinette Break up!

Studying Time: 2 minutes It's sadly over for one more actuality tv…

4 Min Read
Steak ‘n Shake slams Cracker Barrel CEO for eliminating ‘old-timer’ from emblem: ‘We take delight in our historical past’
Steak ‘n Shake slams Cracker Barrel CEO for eliminating ‘old-timer’ from emblem: ‘We take delight in our historical past’

FOX Enterprise’ Jeff Flock experiences on Cracker Barrel unveiling a brand new…

4 Min Read

Oponion

Holly Madison Decries Group Intercourse with Hugh Hefner: ‘I Hated It’

Holly Madison Decries Group Intercourse with Hugh Hefner: ‘I Hated It’

Studying Time: 3 minutes Holly Madison hated the group intercourse…

May 5, 2025

Adobe launches standalone app for producing AI movies, photos

(Bloomberg/Chris Welch) — Adobe Inc. on…

June 17, 2025

How To Gown Like A Man In 2024 | Fashion

Designers have an odd behavior of…

September 20, 2024

One 12 months after Baltimore bridge collapse, NTSB finds 68 US bridges, together with 4 within the Bay Space, should be assessed for danger of collapse if hit by ship

By Gabe Cohen | CNNWashington —…

March 21, 2025

Economists Split on Whether Bank of Canada Raises Rates Wednesday

OTTAWA—Canada’s central bank is on the…

January 25, 2022

You Might Also Like

Selecting the Proper MacBook Is not As Troublesome As You Would possibly Suppose
Tech

Selecting the Proper MacBook Is not As Troublesome As You Would possibly Suppose

The larger change is in what number of exterior shows the M3 MacBook Air can help. Whereas the M4 mannequin…

29 Min Read
Our Editors’ Favourite Large Display screen Chromebook Is Now 9
Tech

Our Editors’ Favourite Large Display screen Chromebook Is Now $159

Again to high school is at all times a good time to choose up a deal on a brand new…

2 Min Read
The Rad ‘Tony Hawk’s Professional Skater 3+4’ Remasters Are  Off Proper Now
Tech

The Rad ‘Tony Hawk’s Professional Skater 3+4’ Remasters Are $15 Off Proper Now

In search of a wholesome dose of gaming nostalgia? It can save you $15 on Tony Hawk’s Professional Skater 3+4,…

3 Min Read
The Finest Paper Planners Our Editors Use to Set up Their Lives
Tech

The Finest Paper Planners Our Editors Use to Set up Their Lives

There's nothing like the sensation of a brand-new planner. As the brand new faculty yr kicks off, we have discovered…

32 Min Read
The Wall Street Publication

About Us

The Wall Street Publication, a distinguished part of the Enspirers News Group, stands as a beacon of excellence in journalism. Committed to delivering unfiltered global news, we pride ourselves on our trusted coverage of Politics, Business, Technology, and more.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • WP Creative Group
  • Accessibility Statement

Contact

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 The Wall Street Publication. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?