FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The cybercrime gang behind the Carbanak backdoor malware, FIN7, has allegedly launched a new campaign in which it hires real security professionals to do some of its dirty work instead of forming partnerships with other criminal entities. According to a new report from Gemini Advisory, FIN7 has assembled a fake security company called Bastion Secure and is currently looking to trick legitimate pen-testers into doing malicious work. The professionals are lured into the position under the guise of red-teaming needs for fake clients. The employees then unknowingly conduct malicious activity.
This is not the first time that FIN7 has attempted a similar scheme; however, the latest development showcases the group’s continued expansion into ransomware. The group has been in operation since at least 2015 and has gained national attention for its ability to maintain persistent access at target companies with its custom backdoor malware. The group is also widely known to use skimmer software against point-of-sale systems at businesses such as restaurants, casinos, and hotels. In the US alone, FIN7 has stolen more than 20 million customer card records from more than 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.