Authorities in the United States arrested three Ukrainian individuals over allegations that they participated in a cybercrime ring dedicated to stealing credit card information, which compromised some 15 million individuals in the country. The people in question — Andrii Kolpakov, 30, Fedir Hladyr, 33, and Dmytro Fedorov, 44 — are believed to have been senior members of the cybercrime group “FIN7,” which has attacked more than 100 American companies to date, the Department of Justice announced earlier this month. The trio is presently in custody, awaiting trial on federal charges filed with the U.S. District Court in Seattle, Washington.
FIN7, also known as the “Navigator Group” and “Carbanak Group,” has been conducting malware-based attacks aimed at stealing credit card credentials from unsuspecting U.S. victims since at least 2015, according to three indictments the DOJ unsealed last Wednesday. The criminal ring is understood to have primarily targeted small and medium-sized businesses in the hospitality, gaming, and restaurant industries, selling the stolen credit and debit card information for profit, most likely to identity thieves. American companies across 47 states and the District of Columbia have been compromised as part of FIN7’s activities, with the majority of attacks being conducted through malware targeting some 6,500 point-of-sale terminals at approximately 3,600 locations, the indictments read.
Besides companies in the U.S., the tech crime group is also understood to have targeted firms in the United Kingdom, France, and Australia. Some of the most high-profile names to have disclosed hacking attacks associated with FIN7’s malware are Arby’s and Chipotle Mexican Grill. Each arrested Ukrainian national is now facing 26 felony counts of wire fraud, access device fraud, conspiracy, aggravated identity theft, and computer hacking, the DOJ confirmed. The individuals were arrested and extradited by the governments of Poland, Spain, and Germany, with those proceedings starting this January. FIN7 operated under the guise of a front company, Combi Security, based in Israel and Russia, which claimed to offer white hat hacking services, i.e. penetration vulnerability testing. The firm’s website claimed some of its most high-profile victims were its former clients, U.S. authorities found.