Ransomware gang with ties to Colonial Pipeline hack reportedly recruiting talent under guise of real tech company

A criminal organization believed to have produced the software used in the Colonial Pipeline hack earlier this year has "set up a fake company to recruit potential employees," The Wall Street Journal reports, according to researchers at Microsoft and intelligence firm Recorded Future.

The phony cybersecurity organization is reportedly using the name Bastion Secure, and is thought to be run by "well-known hacking group" Fin7, Recorded Future and Microsoft told the Journal. They're believed to have attacked "hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S," the Journal explains, per federal prosecutors and researchers.

This latest impersonation attempt "represents a new development by purveyors of ransomware to grow and spread a scourge" that has disrupted hundreds of businesses, across sectors, writes the Journal. Ransomware groups are "increasingly operating like criminal startups," using illegally-earned millions to fund their grift.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

The professional-looking Bastion Secure website lists routine jobs for any security agency — programmers, administrators, etc. And despite its fraudulence, the company made offers to some prospective recruits, per researchers. One potential new hire spotted red flags in the operation not long after, telling Recorded Future that nobody at Bastion would meet face-to-face or talk via voice call.

In fact, a phone call to a number listed on Bastion Secure's site was answered by a Russian-speaking man with what appeared to be no knowledge of the organization, writes the Journal. "I'm just a person. I have nothing to do with any cybersecurity company," he exclaimed before hanging up. Read more at The Wall Street Journal.