The Russian Advanced Persistent Threat (APT) group FIN7 is trying to break into the lucrative ransomware market by creating bogus cybersecurity organizations that perform network attacks under the pretense of pentesting (penetration testing), also known as ethical hacking.
What Is FIN7?
FIN7, also known as Carbanak, is a Russia-based APT that has been around since 2015, targeting American industries such as retail, restaurant, and hospitality. According to Wikipedia, FIN7 has been called one of the most successful criminal hacking groups worldwide.
With ransomware increasingly appealing to hackers, and with prior experience running bogus front companies such as “Combi Security,” the FIN7 hacking group created a brand-new organization to attract legitimate IT security professionals.
Security experts at Gemini Advisory found out that FIN7 is now running a new bogus business called “Bastion Secure”, replacing the previously reported “Combi Security”.
They also discovered that the newly created company’s website was made up of content stolen from other websites and reorganized.
Following an examination of the fake company’s site, the experts discovered that its developers were Russia-based, as most of the website’s submenus “return a Russian-language HTTP 404 error”. However,