Financially-Motivated FIN7 Hacking Group Continues Operations While Its IT Admin Pleads Guilty

• FIN7’s admin pleaded guilty to wire fraud and conspiracy to commit computer hacking as part of a deal with prosecutors.
• The accused pleaded guilty to only two of the 26 charges against him. His sentencing is due December 13.

What transpired in the courtroom: Fedir Hladyr, a 34-year-old computer analyst and administrator from Ukraine of the FIN7 hacker group, was arrested last year in Dresden, Germany.

• Hladyr pleaded guilty after appearing in a courtroom in the Western District of Washington on Wednesday.
• Hladyr pleaded guilty for his active role in the group that stole over $1 billion through cybercrime activities worldwide.
• According to the defense attorney, Hladyr pleaded guilty to wire fraud and conspiracy to commit computer hacking as a part of the deal with prosecutors that will account to a prison term of not more than 25 years.

“[Hladyr] was facing multiple sentences of life in jail based on the dollar amount and the number of people harmed, which is 90% of the argument,” said defense attorney Arkady Bukh. “At this time, the government gave us a certain level of leniency and will basically limit his legal exposure to 25 years.”

Accused’s job-crimes: Prosecutors said, he served as “a high-level systems administrator” for FIN7.

• Hladyr controlled a private HipChat instant messaging chat and helped the hacker team to upload malicious software code to steal payment card data and take screenshots.
• He maintained and organized the Jira project; a tracking software where the group would upload malicious files and robbed people of their credentials including usernames and passwords.
• A FIN7 hacker, with Hladyr’s help, used the email address “[email protected]” to scam employees at victim companies.

What does it mean the DoJ:

• It marks a significant win for the Department of Justice, which for years has struggled to apprehend, extradite, and convict the cybercriminals suspected in attacks against U.S. companies.
• Hladyr is the first member of the group to be found guilty of hacking-related crimes in the U.S. court.

Worth noting: Hladyr pleaded guilty to only two of the 26 charges against him.

• Charges that were dropped included allegations of aggravated identity theft, access device fraud and intentional damage to a protected computer.
• For now, Hladyr will be punished for wire fraud and conspiracy to commit computer hacking.

A quick overview of FIN7: The group has been primarily targeting the U.S. retail, restaurant, and hospitality sectors since mid-2015.

• FIN7 is sometimes referred to as Carbanak Group, but these appear to be two groups using the same Carbanak malware.
• It is accused of stealing more than 15 million credit card numbers from victims including Chipotle, Red Robin, Saks Fifth Avenue, Whole Foods and other retailers and restaurants in 47 states.
• The group often uses point-of-sale malware to steal sensitive information.
• Last year, it was blamed for causing a loss of more than $1 billion.
• Surprisingly, the group remains active, despite Hladyr’s arrest.