Blog

Hacker Group FIN7 Trick IT Specialists

Hackers Trick IT Specialists

Hackers Trick IT Specialists Workplace Connect

FIN7 

FIN7 a financially motivated Russian hacking organisation set up a fake company to recruit unsuspecting IT specialists into supporting its continued expansion of ransomware.

According to researchers FIN7 were operating under the company name “Bastion Secure” and claimed to offer specialised public sector cyber security services.

Bastion Secure’s website looked like a legitimate website, but the researchers found that FIN7 was using real legitimate cybersecurity company details such as phone numbers, office locations and content pulled from legitimate websites to make Bastion Secure’s website look legitimate. Bastion Secure claimed that their company won a “Best Managed Security Service” award and said that the company’s consultancy arm was acquired by Six Degrees (a cyber security provider). Both statements were false and used to try and boost the legitimacy of the fake security company.

Bastion Secure Ltd created fake job listings for roles such as Windows Network Administrator, PHP Programmers, and reverse engineers. A researcher from Gemini Advisory was offered a position as an IT specialist at “Bastion Secure Ltd” and was given tools by Bastion Secure for a test assignment as part of the interview process. These tools were then analysed, and it was determined that some of the components in the toolkit were exploitation tools that are commonly used for ransomware attacks. The researcher from Gemini Advisory reported that as part of the interview process they were given tasks that “matched the steps taken to prepare a ransomware attack.”

FIN7’s decision to use a fake cybersecurity company to recruit unsuspecting IT specialists for its criminal activity was driven by FIN7’s desire to use cheap skilled labour, the jobs that Bastion Secure was offering ranged from £800-£1200 per month starting salary. Bastion Secure was happy to pay this monthly salary because if they completed a successful ransomware attack the monthly salaries would be a small fraction of the profit from the attack.

FIN7 operated under the name of Bastion Secure and was looking for people with a very specific skill set like a system administrator since an individual with that specific skill set would be able to assist FIN7 in:

  • Mapping out a compromised company’s systems. 
  • Identify users and devices within the system. 
  • Locate important company information like backup servers and company files. 

  

How FIN7 would gain access to a company. 

For the system administrator to map a company’s systems the company would first need to be compromised. FIN7 would gain initial access through well-engineered phishing emails and various social engineering methods. Once the system administrator gained access to the system FIN7 would then proceed with the next step in their plan which would be either a malware or ransomware infection. 

What happened to Bastion Secure? 

Once researchers discovered what was really going on several FIN7 members were arrested and the company Bastion Secure was shut down.

 

What is FIN7 doing now? 

Since the shutdown of Bastion Secure FIN7 has moved on to using a different method of spreading their malware the most recent of which involves FIN7 members impersonating the U.S. Department of Health and Human Services as well as Amazon to trick companies into using malicious USB drives, according to the FBI. 

How can you protect your company against malicious USB drives? 

The best way to protect against these types of attacks is to ensure that you don’t plug a USB drive into a computer unless you are certain that the drive is safe. Unless you are the owner of a USB drive don’t trust it. 

Contact us today to learn more about keeping your business secure: Workplace Connect Contact 

Read more regarding FIN7:  FIN7, GOLD NIAGARA, ITG14, Carbon Spider, Group G0046 | MITRE ATT&CK® 

Blogs

Review Text

Testimonial #1 Designation

Review Text

Testimonial #2 Designation

Review Text

Testimonial #3 Designation

    Our Partners

    Hackers Trick IT Specialists Workplace Connect
    Hackers Trick IT Specialists Workplace Connect
    Hackers Trick IT Specialists Workplace Connect
    Hackers Trick IT Specialists Workplace Connect
    Hackers Trick IT Specialists Workplace Connect
    Hackers Trick IT Specialists Workplace Connect

    Clients Testimonials

    Stephen Sawley

    Being partnered with WPC is a joy. Their level of service and turnaround is exceptional. As is every member of the support team that I am in contact with. Savvy support and great to work with!

    Mark G

    We have been using Workplace Connect for around 2 years now, and have found them to be a great company to work with. The change over from our last provider was seamless, and we have enjoyed an uninterrupted service since then. They are always available to assist with any enquiries, and deal with all matters promptly. I wouldn't hesitate to recommend them to other businesses.

    Elliot Azim

    I have worked with this company for over 4 years and can safely say that the customer service is second to none. The staff go above and beyond to assist with clients and suppliers and are always very friendly and responsive. I would highly recommend Workplace to anyone looking for a quality IT partner.

      Certifications

      Hackers Trick IT Specialists Workplace Connect
      Hackers Trick IT Specialists Workplace Connect
      Hackers Trick IT Specialists Workplace Connect
      Hackers Trick IT Specialists Workplace Connect

      Get Our Free Guide

      Hackers Trick IT Specialists Workplace Connect

      For more resources, click the link below

      Latest Resources

      Hackers Trick IT Specialists Workplace Connect

      4 Features Coming to the Cloud

      Learn the 4 new features which will be coming to…

      Hackers Trick IT Specialists Workplace Connect

      What Is Social Engineering? – Whitepaper

      Social engineering is one of the most common forms of…

      Hackers Trick IT Specialists Workplace Connect

      Top 5 Cyber Security Myths

      Learn about the 5 most common cyber security myths. Cyber…

      Subscribe for Latest Cyber Security News & Tips

        Name

        Company

        Email

          Speak to a Specialist