A 32-year-old Ukrainian national has been sentenced to five years in prison in the US for his criminal work as a “high-level hacker” in the financially motivated group FIN7.
Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, was arrested in Bangkok, Thailand in November 2019, before being extradited to the US in May 2020.
In November 2021, Iarmak pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
FIN7 has been attributed to a number of attacks that have led to the theft of more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations in the US, costing the victims $1 billion in losses.
The criminal gang, also known as Carbanak Group and the Navigator Group, has a track record, going back to at least 2015, of hitting the restaurant, gambling, and hospitality industries to siphon customer credit and debit card numbers, which were then used or sold for profit.
“Mr. Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information,” said US Attorney Nicholas W. Brown of the Western District of Washington. “To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecution of co-conspirators.”
According to court documents released by the US Justice Department (DoJ), the defendant used Atlassian’s Jira project management and issue-tracking software to coordinate and share details pertaining to different intrusions conducted by the group.
“Under each issue, FIN7 members tracked their progress breaching a victim’s security, uploaded data stolen from the victim, and provided guidance to each other,” the DoJ said.
Iarmak is the third member of FIN7 to be sentenced in the US after Fedir Hladyr and Andrii Kolpakov, who were sentenced to prison terms of 10 years and seven years in April and June last year, respectively.
The development comes as threat intelligence and incident response firm Mandiant detailed the evolution of FIN7 into a resilient cyber crime group, linking it to 17 clusters of previously unattributed threat activity spanning several years, while also calling out its upgraded attack toolkit and initial access techniques and its shift to ransomware to monetize its attacks.