{"id":5742,"date":"2021-10-21T17:34:41","date_gmt":"2021-10-21T08:34:41","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=5742"},"modified":"2021-12-10T17:38:57","modified_gmt":"2021-12-10T08:38:57","slug":"carbanak-hacking-group-enters-ransomware-space-by-creating-a-fake-cybersecurity-company","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/carbanak-hacking-group-enters-ransomware-space-by-creating-a-fake-cybersecurity-company\/","title":{"rendered":"Carbanak hacking group enters ransomware space by creating a fake cybersecurity company"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5742\" class=\"elementor elementor-5742\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1821288 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1821288\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2378856\" data-id=\"2378856\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e36c3bb elementor-widget elementor-widget-text-editor\" data-id=\"e36c3bb\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Thursday 21<sup>st<\/sup> of October 2021, researchers at Gemini Advisory released a blog detailing evidence that FIN7 (aka &#8216;Carbanak&#8217;) hacking group has set up a fake cybersecurity company known as Bastion Security which was being used to hire pentesters and system administrators to conduct pre-encryption stages of ransomware attacks.<\/p><p>Researchers discovered Bastion Security 
website was made up of stolen and re-compiled content from other websites, such as Convergent Network Solutions Ltd. They also discovered that, although the company claimed to be based in England, the site serves Russian-language 404 error pages.<\/p><p>Through the Bastion Security website, FIN7 was looking to hire C++, PHP, and Python programmers, Windows system administrators, and reverse engineering specialists for a salary of between $800 and $1,200 per month. FIN7 was looking for individuals who could map compromised corporate systems, perform network reconnaissance, and locate backup servers and files.<\/p><p>One of the sources for Gemini Advisory applied to one of the jobs to investigate the fake company further and to find more evidence that FIN7 was behind it. The source discovered that the internal tools used by the company were the well-known post-exploitation tools Carbanak and Lizar\/Tirion, disguised as &#8220;Command Manager.&#8221; The source was then tasked with collecting information about admin accounts and backups on a company\u2019s network, which they were told belonged to a client that had ordered pentesting services.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Thursday 21st of October 2021, researchers at Gemini Advisory released a blog detailing evidence that FIN7 (aka &#8216;Carbanak&#8217;) hacking group has set up a fake cybersecurity company known as Bastion Security which was being used to hire pentesters and system administrators to conduct pre-encryption stages of ransomware attacks. 
Researchers discovered Bastion Security website was made up of stolen and<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":5747,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,9,2,8,1],"tags":[],"class_list":["post-5742","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2021\/12\/Picture1-12.jpg?fit=1377%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5742"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=5742"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5742\/revisions"}],"predecessor-version":[{"id":5750,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5742\/revisions\/5750"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/5747"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=5742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=5742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=5742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}