Group Linked To Colonial Pipeline Hack Builds Fake Site To Recruit Employees - Reports

WASHINGTON (UrduPoint News / Sputnik - 21st October, 2021) A cybercriminal group believed to be responsible for the ransomware software that shut down Colonial Pipeline in May set up a fake tech company website in order to recruit new employees, The Wall Street Journal reported on Thursday, citing intelligence officials at cybersecurity firm Recorded Future and Microsoft.

The hacking group, known as Fin7, set up a professional-looking website for a fake cybersecurity company they called Bastion Secure and posted job listings for standard tech positions such as programmer and system administrator, Recorded Future and Microsoft said.

The groups are able to use the hundreds of millions of dollars gained through illegal means such as ransomware attacks to set up criminal operations with professionalized support staff, software developers and media relations, according to the researchers at Recorded Future and Microsoft.

The group's recruitment efforts through the fake site appear to be concentrated on Russian speakers, the researchers said. Calling an Israeli number listed on the site led to a reply from a Russian-speaking male who denied any connection to a cybersecurity company, they added. The salaries offered by the group - between $800 and $1,200 a month - are decent pay in former Soviet countries such as Ukraine, the Recorded Future report said.

Cybersecurity officials at Microsoft believe that the group was responsible for developing the ransomware software used to disrupt Colonial Pipeline earlier this year, but that the actual hack was carried out by a different criminal affiliate.