3 arrested in business phishing scam that netted 15 million cred

(RNN) - Three people have been arrested in what the FBI described as a "transnational organized crime syndicate" that targeted hundreds of businesses that snagged credit card numbers.

The scheme cost tens of millions of dollars.

Through malware unleashed by a targeted phishing attack, a group known as FIN7 compromised 3,600 business locations across the country, all done remotely over the internet, snagging 15 million credit card numbers.

One of the people, Fedir Hladyr, 33, is already in custody. The other two, Dymtro Fedorov, 44, and Andrii Kolpakov, 33,  await extradition from Poland and Spain, respectively. All three are Ukrainian.

“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the darknet,” said Brian Benczkowski, the assistant attorney general for the Justice Department's Criminal Division.

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” said JayTabb, special agent in charge of the FBI's Seattle Field Office. 

The businesses affected include nationally recognized brands such as Chipotle, Arby’s, Sonic, Red Robin and Jason’s Deli.

The FIN7 group was identified as the culprit in a hack of retailers Saks Fifth Avenue and Lord & Taylor in April, as well.

"We are under no illusions that we have taken this group down altogether, but we have made a significant impact," U.S. Attorney Annette Hayes said.

Hladyr, who is in custody in Seattle, allegedly was a systems administrator for the group. His trial is scheduled for Oct. 22, and his attorney told the Associated Press it was too soon to tell if they would consider a plea deal.

Officials said Fedorov and Kolpakov oversaw hackers in the operation. They allege that the group operated under a front company called Combi Security to "provide a guise of legitimacy and to recruit hackers to join the criminal enterprise."

"FIN7, through its dozens of members, launched numerous waves of malicious cyberattacks on numerous businesses operating in the United States and abroad," the Justice Department said in a release. "FIN7 carefully crafted email messages that would appear legitimate to a business’ employee, and accompanied emails with telephone calls intended to further legitimize the email. Once an attached file was opened and activated, FIN7 would use an adapted version of the notorious Carbanak malware in addition to an arsenal of other tools to ultimately access and steal payment card data for the business’ customers."

A report last year from cyber security firm Morphisec described FIN7 as "one of the leading threat actor groups operating today."

"Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong," Hayes said.

Copyright 2018 Raycom News Network. All rights reserved.