There are better jobs out there, we promise

A hacking group linked to the ransomware attack on Colonial Pipeline earlier this year is operating a fake company to recruit individuals to help carry out further attacks, according to a report published Thursday.

Bad recruiters: According to a report from cybersecurity group Recorded Future’s Gemini Advisory, prolific cybercriminal group FIN7 is running a fake company known as “Bastion Secure” aimed at recruiting more talent to carry out ransomware attacks.

The Wall Street Journal first reported the findings Thursday, citing both the report from Recorded Future and a presentation given by Microsoft officials at a conference earlier this month. The FIN7 group allegedly wrote the software used to carry out an attack on Colonial Pipeline in May, causing temporary gas shortages in multiple states.

First-hand experience: The findings came after a Gemini Advisory employee was contacted and offered a job as an IT specialist for the Bastion Secure group. During the interview process, the employee was given tools to work with that are commonly used to carry out ransomware attacks.

Bastion Secure reportedly used a legitimate-looking website to masquerade as a real company, but Gemini analysts determined it was a copy of a real cybersecurity group’s website that was hosted by a Russian domain registrar. Based on language used on the website, the analysts determined those behind it were likely Russian speakers.