FIN7, a financially motivated Russian hacking group, has set up a fake company to lure unwitting IT specialists into supporting its continued expansion into ransomware, security researchers have found.
According to researchers at Recorded Future’s Gemini Advisory unit, FIN7 — known for hacking into point-of-sale registers and stealing over $1 billion from millions of credit cards — is now operating under the guise of Bastion Secure, which claims to offer specialized public sector cybersecurity services.
Bastion Secure’s website looks like the real deal. But the research found FIN7 is using real, publicly available information from existing, legitimate cybersecurity companies — phone numbers, office locations and text pulled from real websites — to create a veil of legitimacy. Bastion’s website claims it won “Best Managed Security Service” at the SC Magazine awards in 2016, and that the fake company’s consultancy arm was acquired by Six Degrees in 2016. Neither are true.
Recorded Future’s analysis of the fake company’s website found it is largely copied fro …
