Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

Graham CLULEY

April 19, 2021

  • Notorious FIN7 gang stole payment card details from retailers around the world
  • Cybercrime gang posed as penetration testing firm to recruit hackers

A key member of the FIN7 cybercrime gang – which is said to have caused over one billion dollars' worth of damage around the world – has been sentenced to 10 years in jail.

35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang (also sometimes known as Carbanak, Navigator Group, or Anunak), which made its fortune targeting retailers, restaurants, and gambling firms in more than 40 countries across the globe, stealing 20 million customer card records at thousands of business locations. FIN7’s high-profile targets included the likes of Lord & Taylor and Saks Fifth Avenue.

Typically, the FIN7 gang sent out carefully crafted emails that posed as legitimate business communications and used social engineering techniques to trick recipients into clicking on the malicious attachments. In some cases, telephone calls from the attackers would accompany the emails, in an attempt to make them appear less suspicious.

Malware installed through the poisoned attachment would be used alongside other hacking tools to spread laterally through networks and seek out point-of-sale (POS) systems, in order to steal sensitive payment card details as transactions were made at thousands of retail locations.

More details on how the malware operated can be found in this technical paper by Bitdefender Labs.

Many of the stolen payment card details were later made available for sale by FIN7 on underground forums to other cybercriminals.

FIN7 operated a front company called Combi Security, which claimed to offer penetration testing services.

On its website, Combi Security described itself as “one of the leading international companies in the field of information security.”

But in truth it was a means to recruit other hackers into the criminal operation.

Combi Security had no legitimate customers, but that didn’t stop it hiring people like Hladyr who, in his management position, supervised FIN7’s hackers, maintained FIN7’s Command & Control servers, and aggregated stolen payment card information. Crucially, Hladyr was also in control of the criminal organisation’s encrypted instant messaging channel.

Hladyr was the first member of the FIN7 gang to be apprehended when he was arrested in the city of Dresden in 2018, and then extradited from Germany to the United States.

At the end of last week Hladyr was sentenced to prison for ten years for his involvement in the gang’s cybercriminal activities.

“This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems,” said Acting US Attorney Tessa M. Gorman of the Western District of Washington. “This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”
