Russian-Speaking Ransomware Gangs on the Hunt for Pen Testers

In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.

Dark Reading Staff, Dark Reading

November 19, 2024

1 Min Read
Words reading "Penetration test" on a blue screen
Source: Aleksey Funtap via Alamy Stock Photo

Ransomware gangs such as Apos, Lynx, and Rabbit Hole are seeking pen testers to join their ransomware affiliate programs and assist in their malicious operations.

Penetration testing, i.e., simulating an attack in order to identify gaps and vulnerabilities within a system, is an essential cyber practice to gauge the strength of a system, program, or operation. Now, according to researchers at Cato Networks in its "Q3 2024 Cato CTRL SASE Threat Report," multiple Russian job listings have sprung up on the Dark Web, detailing requirements for the same skill set, preferably pen testers with experience in Russian language forums. It is the latest example of the professionalization of Russian cybercriminal groups.

"Ransomware is one of the most pervasive threats in the cybersecurity landscape," Etay Maor, chief security strategist at Cato Networks, wrote in a statement. "It impacts everyone — businesses and consumers — and threat actors are constantly trying to find new ways to make their ransomware attacks more effective."

While Apos, Lynx, and Rabbit Hole clearly have some Russian-speaking members, it's unclear whether all of their members are Russian-speaking, or if they're based in Russia, according to Cato.

Other findings in the Cato cyber-threat report include rising threats from Shadow AI, i.e., unauthorized artificial intelligence programs; and the lack of utilization of Transport Layer Security (TLS), a tool that allows organizations to decrypt, inspect, and re-encrypt traffic, but which poses some risks that prompt organizations to forgo it altogether.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights