A "high-level manager" of the FIN7 hacking group has been sentenced to 10 years in prison.
He was arrested in Germany, in 2018 at the request of U.S. law enforcement and was extradited to Seattle. In September 2019, he pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
Hladyr served as FIN7's systems administrator and played a central role in aggregating stolen payment card information, supervising FIN7's hackers, and maintaining the elaborate network of servers that the group used to attack and control victims' computers, according to the Department of Justice. He also controlled the organization's encrypted channels of communication, it said.
SEE: Network security policy (TechRepublic Premium)
Hladyr was sentenced to ten years in prison by a U.S. District Court in Seattle following an investigation by the Seattle Cyber Task Force of the FBI and the U.S. Attorney's Office for the Western District of Washington, with assistance from the US Department of Justice and international agencies.
"This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems," said Acting U.S. Attorney Tessa A. Gorman.
"This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers."
Since at least 2015, FIN7 (also referred to as Carbanak Group and the Navigator Group) has engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, predominantly in the restaurant, gaming, and hospitality industries, the Department of Justice said. FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers which were used or sold for profit.
In the United States alone, FIN7 has stolen more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations after successfully compromising each target with malware.
FIN7 stole millions of bank card details from compromised PoS systems that were then used directly or sold on underground dark web forums for profit.
The cyber-criminal operation has been actively hacking businesses in the United States, United Kingdom, Australia, France and other countries since 2015.
Companies that are known to have fallen victim to FIN7 hackers include Chipotle Mexican Grill, Chili's, Arby's, Red Robin, and Jason's Deli.
MORE ON CYBERSECURITY
- Update now: Researchers warn of security vulnerabilities in these widely used point-of-sale terminals
- 5 things to consider when picking a credit card processor
- Why credit card data stealing point-of-sale malware is still such a big problem
- 10 tips to protect your organization and remote endpoints against cyberthreats
- How one hacked laptop led to an entire network being compromised