Not all job scams are the same. Some have you work legitimately and pay a going rate, while in this case you deliver them the expertise needed to steal. Hacking group FIN7 was caught operating Bastion Security, fronting as a British company yet operating out of Russia.
A threat intelligence company had a source join the underground group via the front business. The spy was able to obtain FIN7 tooling once joining. Carbanak and Lizar/Tirion were the tools he found the group using for “pentests”.
Jobs were advertised around $1000 USD per month for 9 – 12 hours of work per day through the week. Rough conditions for Eastern Europeans.
Bastion took cover with their name, trying to pass themselves off as other legitimate security-named companies registered and known to major search engines. Their website looks legitimate yet is mostly copied from Convergent Network Solutions.
Part of the demands of the group is for an operator to install VMs locally with ports to the host unblocked.