Cyber Security

Ukrainian man sentenced to prison for his part in billion-dollar FIN7 cybercrime campaign

A Ukrainian national has been sentenced to seven years in prison for his involvement in cybercrime group FIN7, which has stolen more than $1 billion from US citizens and organizations.

A statement released by the Department of Justice (DoJ) this week named the individual as Andrii Kolpakov, 33, who was arrested in Lepe, Spain, on June 28, 2018, and was extradited to the US on June 1, 2019.

Kolpakov, who reportedly worked as a high-level admin for the FIN7 criminal hacking group from 2016 until 2018, pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

Alongside his sentence, he was ordered to pay $2.5 million in restitution.

Cybercrime campaign

According to the DoJ release, since at least 2015 members of FIN7 – also referred to as ‘CarbanakGroup’ and the ‘Navigator Group’, among other names – engaged in a “highly sophisticated malware campaign”, attacking hundreds of US companies, predominantly in the restaurant, gambling, and hospitality industries.

Companies that have publicly disclosed hacks attributable to FIN7 include Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli, said the DoJ.

The DoJ said the cybercrime outfit hacked into thousands of computer systems, stealing customer credit and debit card numbers which were then sold on for profit.

They used phishing techniques to target business employees, tricking them into opening attachments laden with an adapted version of the Carbanak malware, in addition to an arsenal of other tools, to access and steal payment card data for the business’s customers.

US prosecutors said that the gang has been selling stolen payment information through “online underground marketplaces” since 2015.

Thousands of victims

“In the US alone, FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia,” noted the DoJ, adding that the group stole more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.

Additional intrusions occurred abroad, including in the UK, Australia and France, the DoJ said.

Source: https://portswigger.net/daily-swig/ukrainian-man-sentenced-to-prison-for-his-part-in-billion-dollar-fin7-cybercrime-campaign

Click to comment

You May Also Like

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Cyber Security

Media and frequent innovative releases aggressively fuel the rapid industry rise of generative AI (Artificial Intelligence) ChatGPT.  But, besides its innovative part, cybercriminals have...

Business News

The European Anti-Fraud Office (OLAF) has put forth a recommendation to halt the €140 million renovation project for the Kostenets-Septemvri railway in Bulgaria, while...

Cyber Security

A China-based cybercriminal known as Storm-0558 gained access to unclassified U.S. government email accounts using forged authentication tokens according to a report released by...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version