We are supported by readers, when you click & purchase through links on our site we earn affiliate commission. Learn more.

l + f: Cybercrime gang hires security specialists

Because the services of security specialists are still cheaper than real criminals who insist on a share of the loot, a CyberCrime gang pulled up a front company called Bastion Secure. The then hired specialists for allegedly legitimate penetration tests, explains the real security company Gemini Advisory.

Bastion Secure is looking for IT specialists with knowledge of system administration and reverse engineering on its website. At first glance, this web page looks very real, which is probably due to the fact that it is modeled almost 1: 1 on a web page of a legitimate security company. In the meantime, a phishing warning appears when you visit the Bastion Security website.

Bastion Secure apparently simply recreated its website.

(Image: screenshot)

A source from Gemini Advisory worked through the multi-stage application process and finally received his first real assignment. This consisted of researching a network according to all the rules of the art. In particular, information on domain admins, file shares and backups was in demand. For this purpose, the new employee received remote access to the alleged customer’s network, but no explanations or even documents from which it would have emerged that it was actually a legitimate order.

From an analysis of the test and work materials provided heads Gemini Advisory from the fact that behind Bastion Secure in truth the CyberCrime gang FIN7 / Carbanak is. This had carried out highly professional robberies in the banking environment for many years. In the meantime, as DarkSide and BlackMatter, she has specialized in the even more profitable and, above all, lower-risk ransomware business.

DarkSide and BlackMatter’s specialty is Ransomware-as-a-Service (RaaS). The RaaS provider provides its affiliates with instructions, infrastructure and tools for their raids. Such affiliates then get a share of between 20 and 90 percent of the loot. The hope was that “normal employees” would be cheaper. A typical salary for a security specialist in Russia is 1000 euros a month; Ransom money ranges from 100,000 to several million.

(ju)

To home page