DOJ arrests three Ukrainian nationals from Fin7 cybercrime group

The group is responsible for stealing 15 million credit and debit card numbers and profiting from them via multiple cyberattacks.


The Department of Justice said it has arrested three high-ranking members of cybercrime group Fin7 for their roles in cyberattacks on more than 100 U.S. companies.

According to the DOJ, victim companies were in 47 states. Fin7 operates out of Eastern Europe and three Ukrainian nationals--Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30--were being indicted.

Each of the three Ukrainian nationals was charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

Fin7 also is referred to as the Carbanak Group and the Navigator Group. Since at least 2015, the cybercrime group used malware to target more than 100 companies focused on frequently attacked industries such as restaurants, gaming and hospitality.

The Verizon Data Breach Investigations Report has cited those industries as highly vulnerable for the last two years. 


According to the DOJ, the cybercrime group would typically hack into computer systems, steal customer credit and debit card numbers and then use or sell the data. This play was run often enough for Fin7 to steal more than 15 million credit card records from more than 6,500 point-of-sale terminals in 3,600 separate locations.

The group used social engineering, via phishing and phone calls, along with network intrusion to grab data.


Fin7 operated in the U.K., Australia and France.

As for the companies hacked, the DOJ noted that some familiar restaurant chains were Fin7 victims. Those companies include:

  • Chipotle Mexican Grill
  • Chili's
  • Arby's
  • Red Robin
  • Jason's Deli

Judging by the comments from the DOJ statement, it's clear the agency wants to use the arrests as a deterrent to cybercriminals. The arrests were carried out in cooperation with foreign authorities.

Hladyr is being detained in Seattle pending trial. Fedorov, who supervised the other hackers, was arrested in Poland and is being detained there pending extradition to the U.S. Kolpakov is being detained in Spain pending a U.S. request for extradition.
