US authorities have charged three Ukrainians accused of being members of Fin7, a notorious cybergang believed to have hacked into the systems of over 100 American companies, stealing millions of card details from thousands of POS terminals.
The men - Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov - have all been arrested in different countries, with each facing 26 felony charges, alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.
Based in Eastern Europe, Fin7 is accused of using a version of the Carbanak malware to gain access to the computer systems of firms, predominantly in the restaurant, gaming and hospitality industries.
Since 2015, the hackers managed to breach more than 100 US companies, including Chipotle and Arby's, stealing more than 15 million card records from over 6500 POS terminals. Firms in the UK, Australia and France were also hit, with the gang either using or selling the card data.
According to the US Department of Justice, Hladyr allegedly served as Fin7's systems administrator and is in custody in Seattle. Fedorov, accused of being a high-level hacker and manager, is being detained in Poland, while Kolpakov, said to have supervised a group of hackers, is being held in Spain. The US is seeking their extradition.
Fin7 managed to install the malware by sending firms "carefully crafted emails" which were backed up by phone calls. The emails contained files which, if opened and activated, infected the computers with Carbanak and other tools for stealing card data.
The gang also used a front company, Combi Security, purportedly headquartered in Russia and Israel, to provide a guise of legitimacy and to recruit hackers.
US Attorney Annette Hayes says: "Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong.
"We will continue our longstanding work with partners around the world to ensure cyber criminals are identified and held to account for the harm that they do - both to our pocketbooks and our ability to rely on the cyber networks we use."