Ransomware gang with ties to Colonial Pipeline hack reportedly recruiting talent under guise of real tech company


A criminal organization believed to have produced the software used in the Colonial Pipeline hack earlier this year has "set up a fake company to recruit potential employees," The Wall Street Journal reports, according to researchers at Microsoft and intelligence firm Recorded Future.
The phony cybersecurity organization is reportedly using the name Bastion Secure, and is thought to be run by "well-known hacking group" Fin7, Recorded Future and Microsoft told the Journal. They're believed to have attacked "hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S," the Journal explains, per federal prosecutors and researchers.
This latest impersonation attempt "represents a new development by purveyors of ransomware to grow and spread a scourge" that has disrupted hundreds of businesses, across sectors, writes the Journal. Ransomware groups are "increasingly operating like criminal startups," using illegally-earned millions to fund their grift.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The professional-looking Bastion Secure website lists routine jobs for any security agency — programmers, administrators, etc. And despite its fraudulence, the company made offers to some prospective recruits, per researchers. One potential new hire spotted red flags in the operation not long after, telling Recorded Future that nobody at Bastion would meet face-to-face or talk via voice call.
In fact, a phone call to a number listed on Bastion Secure's site was answered by a Russian-speaking man with what appeared to be no knowledge of the organization, writes the Journal. "I'm just a person. I have nothing to do with any cybersecurity company," he exclaimed before hanging up. Read more at The Wall Street Journal.
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Brigid Kennedy worked at The Week from 2021 to 2023 as a staff writer, junior editor and then story editor, with an interest in U.S. politics, the economy and the music industry.
-
July 12 editorial cartoons
Cartoons Saturday's political cartoons include generational ennui, tariffs on Canada, and a conspiracy rabbit hole
-
5 unusually elusive cartoons about the Epstein files
Cartoons Artists take on Pam Bondi's vanishing desk, the Mar-a-Lago bathrooms, and more
-
Lemon and courgette carbonara recipe
The Week Recommends Zingy and fresh, this pasta is a summer treat
-
Nvidia hits $4 trillion milestone
Speed Read The success of the chipmaker has been buoyed by demand for artificial intelligence
-
X CEO Yaccarino quits after two years
Speed Read Elon Musk hired Linda Yaccarino to run X in 2023
-
Musk chatbot Grok praises Hitler on X
Speed Read Grok made antisemitic comments and referred to itself as 'MechaHitler'
-
Disney, Universal sue AI firm over 'plagiarism'
Speed Read The studios say that Midjourney copied characters from their most famous franchises
-
Amazon launches 1st Kuiper internet satellites
Speed Read The battle of billionaires continues in space
-
Test flight of orbital rocket from Europe explodes
Speed Read Isar Aerospace conducted the first test flight of the Spectrum orbital rocket, which crashed after takeoff
-
Apple pledges $500B in US spending over 4 years
Speed Read This is a win for Trump, who has pushed to move manufacturing back to the US
-
Microsoft unveils quantum computing breakthrough
Speed Read Researchers say this advance could lead to faster and more powerful computers