A member of the FIN7 group was sentenced to 10 years in prison

Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially motivated group FIN7, aka Carbanak.

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7, aka Carbanak.

The Carbanak gang (aka FIN7, Anunak or Cobalt) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries.

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

Starting from 2016 the group developed a new custom malware using Cobalt Strike, a legitimate penetration testing framework.

In March 2020, the FBI published an alert on a new wave of attacks carried out by the FIN7 APT group that was sending to the victims some devices acting as a keyboard (HID Emulator USB) when plugged into a computer.

Hladyr was sentenced in the Western District of Washington, he was arrested in Dresden, Germany, in 2018, at the request of U.S. law enforcement and was extradited to the US where in September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

“According to documents filed in the case, since at least 2015, members of FIN7 (also referred to as Carbanak Group and the Navigator Group, among other names) engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, predominantly in the restaurant, gambling, and hospitality industries.” reads the press release published by DoJ. “FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were then used or sold for profit. FIN7, through its dozens of members, launched waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.”

In the United States, FIN7 hacked computer networks of businesses in all 50 states causing enormous billions of dollars of losses to the victims.

FIN7 attacks aimed at breaching internal networks of businesses to install PoS malware and steal payment card data.

The list of victims of the FIN7 group includes Arby’s, Chili’s, Chipotle Mexican Grill, Jason’s Deli, and Red Robin,

Hladyr was charged in 2018 with two other FIN7 members, Dmytro Fedorov and Andrii Kopakov, also Ukrainian nationals. Both are still awaiting their sentencing.

Fedorov, is a skilled hacker and, who is suspected to be a manager of the group, was arrested at the request of U.S. officials in Bielsko-Biala, Poland.

In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain. The man is suspected to be a supervisor of the group.

In May 2020, authorities arrested another member of the FIN7 group, the Ukrainian nation Denys Iarmak.

“Hladyr originally joined FIN7 via a front company called Combi Security – a fake cyber security company that had a phony website and no legitimate customers. Hladyr admitted in his plea agreement that he soon realized that, rather than a legitimate company, Combi was part of a criminal enterprise.” concludes DoJ. “Hladyr served as FIN7’s systems administrator who, among other things, played a central role in aggregating stolen payment card information, supervising FIN7’s hackers, and maintaining the elaborate network of servers that FIN7 used to attack and control victims’ computers. Hladyr also controlled the organization’s encrypted channels of communication.”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, FIN7)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.