A member of the FIN7 group was sentenced to 10 years in prison

Pierluigi Paganini April 18, 2021

Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially motivated group FIN7, aka Carbanak.

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7, aka Carbanak.

The Carbanak gang (aka FIN7Anunak or Cobalt) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries.

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

Starting from 2016 the group developed a new custom malware using Cobalt Strike, a legitimate penetration testing framework.

In March 2020, the FBI published an alert on a new wave of attacks carried out by the FIN7 APT group that was sending to the victims some devices acting as a keyboard (HID Emulator USB) when plugged into a computer.

Hladyr was sentenced in the Western District of Washington, he was arrested in Dresden, Germany, in 2018, at the request of U.S. law enforcement and was extradited to the US where in September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

“According to documents filed in the case, since at least 2015, members of FIN7 (also referred to as Carbanak Group and the Navigator Group, among other names) engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, predominantly in the restaurant, gambling, and hospitality industries.” reads the press release published by DoJ. “FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were then used or sold for profit. FIN7, through its dozens of members, launched waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.”

In the United States, FIN7 hacked computer networks of businesses in all 50 states causing enormous billions of dollars of losses to the victims.

FIN7 attacks aimed at breaching internal networks of businesses to install PoS malware and steal payment card data.

The list of victims of the FIN7 group includes Arby’s, Chili’s, Chipotle Mexican Grill, Jason’s Deli, and Red Robin,  

Hladyr was charged in 2018 with two other FIN7 members, Dmytro Fedorov and Andrii Kopakov, also Ukrainian nationals. Both are still awaiting their sentencing.

Fedorov, is a skilled hacker and, who is suspected to be a manager of the group, was arrested at the request of U.S. officials in Bielsko-Biala, Poland.

In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain.  The man is suspected to be a supervisor of the group.

In May 2020, authorities arrested another member of the FIN7 group, the Ukrainian nation Denys Iarmak.

“Hladyr originally joined FIN7 via a front company called Combi Security – a fake cyber security company that had a phony website and no legitimate customers. Hladyr admitted in his plea agreement that he soon realized that, rather than a legitimate company, Combi was part of a criminal enterprise.” concludes DoJ. “Hladyr served as FIN7’s systems administrator who, among other things, played a central role in aggregating stolen payment card information, supervising FIN7’s hackers, and maintaining the elaborate network of servers that FIN7 used to attack and control victims’ computers. Hladyr also controlled the organization’s encrypted channels of communication.”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, FIN7)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment