The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7, aka Carbanak.
The Carbanak gang (aka FIN7, Anunak or Cobalt) stole over a billion euros from banks across the world. The name “Carbanak” comes from the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries.
The Carbanak cybercrime gang was first uncovered in 2014 by Kaspersky Lab, which dated its activity back to 2013, when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.
Starting in 2016, the group developed a new custom malware using Cobalt Strike, a legitimate penetration testing framework.
In March 2020, the FBI published an alert on a new wave of attacks carried out by the FIN7 APT group, which was sending victims devices that act as a keyboard (HID Emulator USB) when plugged into a computer.
Hladyr was sentenced in the Western District of Washington. He was arrested in Dresden, Germany, in 2018 at the request of U.S. law enforcement and was extradited to the US, where in September 2019 he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
“According to documents filed in the case, since at least 2015, members of FIN7 (also referred to as Carbanak Group and the Navigator Group, among other names) engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, predominantly in the restaurant, gambling, and hospitality industries,” reads the press release published by DoJ. “FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were then used or sold for profit. FIN7, through its dozens of members, launched waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.”
In the United States, FIN7 hacked computer networks of businesses in all 50 states, causing billions of dollars of losses to the victims.
FIN7 attacks aimed at breaching internal networks of businesses to install PoS malware and steal payment card data.
Fedorov, a skilled hacker who is suspected to be a manager of the group, was arrested at the request of U.S. officials in Bielsko-Biala, Poland.
In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain. The man is suspected to be a supervisor of the group.
In May 2020, authorities arrested another member of the FIN7 group, the Ukrainian national Denys Iarmak.
“Hladyr originally joined FIN7 via a front company called Combi Security – a fake cyber security company that had a phony website and no legitimate customers. Hladyr admitted in his plea agreement that he soon realized that, rather than a legitimate company, Combi was part of a criminal enterprise,” concludes DoJ. “Hladyr served as FIN7’s systems administrator who, among other things, played a central role in aggregating stolen payment card information, supervising FIN7’s hackers, and maintaining the elaborate network of servers that FIN7 used to attack and control victims’ computers. Hladyr also controlled the organization’s encrypted channels of communication.”