“Three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe have been arrested and are currently in custody facing charges filed in U.S. District Court in Seattle, announced Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Annette L. Hayes for the Western District of Washington and Special Agent in Charge Jay S. Tabb Jr. of the FBI Seattle Field Office,” the message says.
According to three federal indictments unsealed today, Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, are members of a prolific hacking group widely known as FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names). Since at least 2015, FIN7 members engaged in a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries. As set forth in indictments, FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers, which the group used or sold for profit.
In the United States alone, FIN7 successfully breached the computer networks of companies in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. Additional intrusions occurred abroad, including in the United Kingdom, Australia, and France. Companies that have publicly disclosed hacks attributable to FIN7 include such familiar chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli. Additionally in Western Washington, FIN7 targeted other local businesses.
“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney General Benczkowski.
Each of the three FIN7 conspirators is charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.
In January 2018, at the request of U.S. officials, foreign authorities separately arrested Ukrainian Fedir Hladyr and a second FIN7 member, Dmytro Fedorov. Hladyr was arrested in Dresden, Germany, and is currently detained in Seattle pending trial. Hladyr allegedly served as FIN7’s systems administrator who, among other things, maintained servers and communication channels used by the organization and held a managerial role by delegating tasks and by providing instruction to other members of the scheme. Hladyr’s trial is currently scheduled for Oct. 22.
Fedorov, a high-level hacker and manager who allegedly supervised other hackers tasked with breaching the security of victims’ computer systems, was arrested in Bielsko-Biala, Poland. Fedorov remains detained in Poland pending his extradition to the United States.
In late June 2018, foreign authorities arrested a third FIN7 member, Ukrainian Andrii Kolpakov in Lepe, Spain. Kolpakov, also alleged to be a supervisor of a group of hackers, remains detained in Spain pending the United States’ request for extradition.
As it was reported earlier, Ukrainian hackers were arrested in the US. They are suspected of committing several cyber-crimes like theft of arrays of payment card numbers and other data of American companies. According to the information of the agency, work is proceeding on the arrests of the members of Carbanak. As the law enforcement and private cyber investigators believe, the gang is one of the most active in the world in terms of the number of cyber-crimes. According to the information of the investigation, the gang has stolen 889 billion dollars in all this time.