The infamous Carbanak operator is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure ‘pen-testing’ company.
The financially motivated cybercrime gang behind the Carbanak backdoor malware, FIN7, has hit upon a genius idea for maximizing profit from ransomware: Hire real pen-testers to do some of their dirty work instead of striking partnerships with other criminals.
According to a report from Gemini Advisory, the group has set up a fake security company (called “Bastion Secure”) and is looking to hire security pros under the guise of needing red-teaming expertise for its clients. In reality, the duped “employees” are carrying out malicious activity, unbeknownst to them.
It’s not the first time FIN7 has masqueraded as a legitimate security firm, but this latest gambit showcases its continued expansion into the ransomware area, researchers noted.
FIN7’s Expansion into Ransomware
FIN7 (aka Carbanak Gang or Navigator Group) has been in operation since at least 2015, and is well-known for both maintaining persistent access at target companies with its custom backdoor malware, and for targeting point-of-sale (PoS) systems with skimmer software. The group often targets casual-dining restaurants, casinos and hotels, and it’s been