3 leaders of notorious cybercrime group arrested in Europe
By ERIC GELLER
Three senior members of a notorious Eastern European hacker group have been arrested and are facing charges, the Justice Department announced today.
Dmytro Fedorov, Fedir Hladyr and Andrii Kopakov, all Ukrainian nationals, are part of the FIN7 cybercrime ring that has breached a wide range of companies in recent years, including Saks Fifth Avenue, Omni Hotels & Resorts, Whole Foods and Chipotle. DOJ said that the group hacked companies in 47 states and Washington, D.C.
FIN7 hackers used spear-phishing emails and follow-up phone calls to convince their targets to open emails with malicious attachments. They then deployed their famous Carbanak malware to steal customers’ payment data. They sold the stolen information on the dark web.
All three men face 26 felony charges, including wire fraud, computer hacking and aggravated identity theft.
The hackers stole “more than 15 million customer card records” in the U.S., in addition to their operations in the United Kingdom, Australia and France, according to DOJ.
At a press conference today announcing the arrests, Jay Tabb, special agent in charge of the FBI’s Seattle Field Office, said the FIN7 case was one of the FBI’s three biggest active hacking cases “in terms of loss, the number of victims, the global reach of it, and the size of the [cybercriminal] organization.” Half of the Seattle field office’s cyber resources have been devoted to the investigation.
Authorities arrested Fedorov in Poland, Hladyr in Germany and Kopakov in Spain. So far, only Hladyr has been extradited to the U.S.
According to the government, FIN7 used a front company called Combi Security, which claimed to offer penetration testing services, to hire cyber criminals who could help them conduct their operations.
“We are under no illusion that we have taken this group down altogether, but we have made a significant impact,” said Annette Hayes, the U.S. attorney for the western district of Washington, at the press conference.
Unmasking the FIN7 hackers “marks a major step towards dismantling this sophisticated criminal enterprise,” said Tabb.
He said that FIN7’s activity was not linked to any foreign government. “There’s no linkage at all to any state sponsor of this activity,” he said at the press conference. “This is good, old-fashioned organized crime.”