19 April 2021

Member of FIN7 cybercrime group sentenced to 10 years in prison


Member of FIN7 cybercrime group sentenced to 10 years in prison

A Ukrainian national was sentenced to 10 years in prison for his work with a cybercriminal group known as FIN7, a threat actor responsible for malware attacks against hundreds of U.S. companies, mainly in the restaurant, gambling, and hospitality industries. The group stole millions of customers’ banking information and then sold some for profit.

According to court documents, Fedir Hladyr, 35, served as a manager and systems administrator for FIN7. He was arrested in Dresden, Germany, in 2018, and that same year was extradited to the USA. In September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

“Hladyr originally joined FIN7 via a front company called Combi Security – a fake cyber security company that had a phony website and no legitimate customers. Hladyr admitted in his plea agreement that he soon realized that, rather than a legitimate company, Combi was part of a criminal enterprise. Hladyr served as FIN7’s systems administrator who, among other things, played a central role in aggregating stolen payment card information, supervising FIN7’s hackers, and maintaining the elaborate network of servers that FIN7 used to attack and control victims’ computers. Hladyr also controlled the organization’s encrypted channels of communication,” the US Department of Justice said in a press release.

FIN7 attacks involved carefully crafted email messages that would appear legitimate to a business’ employees, and accompanied emails with telephone calls intended to further legitimize the emails. Once the victim opened a file attached to a malicious message, the adapted version of the Carbanak malware would download onto the computer. The group used various tools to access and steal payment card data, some of which they would later sell on dark web markets.

“In the United States alone, FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations,” the DoJ wrote. The group also targeted companies in other countries, namely in the United Kingdom, Australia, and France.

Hladyr told the court he regretted working for Combi Security, and accepted responsibility for his crimes.

Back to the list

Latest Posts

One of the US’ largest pipelines halts operations after a ransomware attack

One of the US’ largest pipelines halts operations after a ransomware attack

The "DarkSide" criminal group is believed to be behind the ransomware attack.
10 May 2021
TunnelSnake cyber-espionage campaign deploys unique rootkit to backdoor Windows systems

TunnelSnake cyber-espionage campaign deploys unique rootkit to backdoor Windows systems

The attacks were highly targeted and delivered to less than 10 victims around the world, including large diplomatic organizations in South-East Asia and Africa.
10 May 2021
A bio research institute got infected with Ryuk ransomware because of pirated software

A bio research institute got infected with Ryuk ransomware because of pirated software

The student who wouldn’t pay for licensed software unwittingly opened a door to the ransomware.
10 May 2021