19 April 2021

Member of FIN7 cybercrime group sentenced to 10 years in prison


A Ukrainian national was sentenced to 10 years in prison for his work with a cybercriminal group known as FIN7, a threat actor responsible for malware attacks against hundreds of U.S. companies, mainly in the restaurant, gambling, and hospitality industries. The group stole the banking information of millions of customers and then sold some of it for profit.

According to court documents, Fedir Hladyr, 35, served as a manager and systems administrator for FIN7. He was arrested in Dresden, Germany, in 2018, and that same year was extradited to the USA. In September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

“Hladyr originally joined FIN7 via a front company called Combi Security – a fake cyber security company that had a phony website and no legitimate customers. Hladyr admitted in his plea agreement that he soon realized that, rather than a legitimate company, Combi was part of a criminal enterprise. Hladyr served as FIN7’s systems administrator who, among other things, played a central role in aggregating stolen payment card information, supervising FIN7’s hackers, and maintaining the elaborate network of servers that FIN7 used to attack and control victims’ computers. Hladyr also controlled the organization’s encrypted channels of communication,” the US Department of Justice said in a press release.

FIN7 attacks involved carefully crafted email messages that would appear legitimate to a business’s employees, and the group accompanied the emails with telephone calls intended to further legitimize them. Once the victim opened a file attached to a malicious message, an adapted version of the Carbanak malware would be downloaded onto the computer. The group used various tools to access and steal payment card data, some of which they would later sell on dark web markets.

“In the United States alone, FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations,” the DoJ wrote. The group also targeted companies in other countries, namely in the United Kingdom, Australia, and France.

Hladyr told the court he regretted working for Combi Security, and accepted responsibility for his crimes.
