Ransomware Group Linked to Colonial Pipeline Impersonates a Legit Company to Recruit Potentially Talented Employees

A criminal organization now believed to have built the software responsible for shutting down a U.S. fuel pipeline is setting up a fake company to recruit potential employees. The ransomware group is reportedly impersonating a legit company to recruit talented employees potentially.

Fake Company Called Bastion Secure

According to the story by The Wall Street Journal, the information was according to researchers at the intelligence firm known as Recorded Future and Microsoft. The fake company is now named Bastion Secure.

Despite a professional-looking website noting the company sells cybersecurity services, the site's operator is a well-known hacking group known as Fin7, Recorded Future, and Microsoft. Fin7 reportedly has hacked hundreds of different businesses, stolen over 20 million customer records, and even written the software that could hack the disputed gasoline delivery in certain parts of the Southeastern U.S., as per federal prosecutors and researchers.

Ransomware Group Job Listing

The website, which uses a B.S. logo, listed jobs that are reportedly technical in nature and also appear quite similar to work that could perform at any security company. These include programmers, system administrators, and other people that are good at finding bugs in their software. The colonial pipeline ransomware attack saw cyber insurance prices go up as energy companies are now scrambling to get one.

Prospective hires will reportedly work nine-hour days on a more predictable schedule from Monday to Friday and up to $1,200 salary as per The Daily Beast. The site also notes that lunch breaks are provided. The attempt to impersonate a legit company for certain recruiting purposes shows a new ransomware development by certain purveyors.

Ransomware Group Attacks

This is to be able to spread a scourge that has been able to disrupt meat production, hospital care, education, and even hundreds of different businesses. About hundreds of millions of dollars when it comes to illegal earnings. These ransomware operators are now increasingly operating just like criminal startups.

The ransomware operators are increasingly operating like startups with the help of software development, support staff, and even cloud-computing services along with media relations, as per the researchers. Recorded Future reportedly shared its findings to The Wall Street Journal and even planned to publish them in a blog.

Read Also: REvil Ransomware Claims Group is Ending Activity | Researchers Skeptical About Latest Shut Down

Investigation Into Bastion Secure

Microsoft officials already gave a presentation regarding their discovery earlier in October 2021 at a conference that was hosted by the known cybersecurity firm Mandiant. It was noted that emails to an address listed on the said Bastion Secure website remained unanswered. The colonial pipeline hack resulted in $5 million worth of crypto being paid to the hackers.

A phone call towards a certain Israeli number that was listed on the site was actually answered by a Russian-speaking person. The response to the phone call noted that the person being called had nothing to do with any cybersecurity company.

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics