Ethical hackers or pentester should never accept offers from these two cyber security companies

Cybersecurity experts report that the dangerous hacker group FIN7 has decided to start its own ransomware operation using an unusual tactic, based on the creation of fake security firms and the hiring of experts for the deployment of powerful cyberattacks hidden under an alleged pentesting job.

So far experts have identified at least two alleged cybersecurity companies created for the aforementioned purpose: Combi Security and Bastion Security.

The first of these websites is hosted on the Russian hosting site Beget, very popular among cybercriminal groups. Most submenus of the site return an HTTP 404 error in Russian, indicating the language that the platform operators are mastering; if you are currently visiting this website, you may still encounter these HTTP 404 errors.

The website is a clone of the Convergent Network Solutions Ltd website; Bastion Secure’s “About” page indicates that it is a derivative of the legitimate cybersecurity company that is not linked to FIN7 anyway.

Hackers operating under the guise of Bastion Secure post job postings for experts in various programming languages, offering between $800 and $1,200 USD a month for various hacking activities.

FIN 7 was looking for developers to map the networks of compromised companies and extract sensitive data, including backup. Initial access to target organizations was gained through phishing attacks or through the purchase of exploits and leaked credentials on the dark web; once they accessed the target network, the threat actors could deliver the malicious payloads.

A member of the research team submitted his job application; after being accepted, FIN 7 gave him access to a set of powerful hacking tools such as Carbanak and Lizar, assigning the researcher the task of accessing the networks of an affected company.

For security, cybersecurity and pentesting experts are advised to ignore any job offer sent by these companies, since it is most likely a façade to cover up a complex cybercriminal operation.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.