A Ukrainian national has been sentenced to 10 years in prison for his high-level role in the criminal work of the notorious hacking group FIN7.
The FIN7 hacking collective was behind a wave of phishig campaigns that used the Carbanak malware to infiltrate business servers and intercept millions of payment cards.
Fedir Hladyr, 35, served as a manager and systems administrator for FIN7. He was arrested in Dresden, Germany, in 2018, at the request of US law enforcement and was extradited to Seattle, Washington. In September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
“This criminal organisation had more than 70 people organized into business units and teams. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems,” says acting US Attorney Tessa Gorman of the Western District of Washington. “This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”
According to documents filed in the case, since at least 2015, members of FIN7 engaged in a highly sophisticated malware campaign to attack hundreds of US companies, predominantly in the restaurant, gambling, and hospitality industries.
In the United States alone, FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.
Additional intrusions occurred abroad, including in the UK, Australia, and France.
Companies that have publicly disclosed hacks attributable to FIN7 include such chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.