Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

  • Notorious FIN7 gang stole payment card details from retailers around the world
  • Cybercrime gang posed as penetration testing firm to recruit hackers

A key member of the FIN7 cybercrime gang – which is said to have caused over one billion dollars worth of damage around the world – has been sentenced to 10 years in jail.

35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang (also sometimes known as Carbanak, Navigator Group, or Anunak), which made its fortune targeting retailers, restaurants, and gambling firms in more than 40 countries across the globe, stealing 20 million customer card records at thousands of business locations. FIN7’s high-profile targets included the likes of Lord & Taylor and Saks Fifth Avenue.

Typically, the FIN7 gang sent out carefully crafted emails that posed as legitimate business communications and used social engineering techniques to trick recipients into opening the malicious attachments. In some cases telephone calls from the attackers would accompany the emails, in an attempt to make them appear less suspicious.

Malware installed through the poisoned attachment would be used alongside other hacking tools to spread laterally through networks and seek out point-of-sale (POS) systems, in order to steal sensitive payment card details as transactions were made at thousands of retail locations.

More details on how the malware operated can be found in this technical paper by Bitdefender Labs.

Many of the stolen payment card details were later made available for sale by FIN7 on underground forums to other cybercriminals.

FIN7 operated a front company called Combi Security, which claimed to offer penetration testing services.

On its website, Combi Security described itself as “one of the leading international companies in the field of information security.”

But in truth it was a means to recruit other hackers into the criminal operation.

Combi Security had no legitimate customers, but that didn’t stop it hiring people like Hladyr, who in his management position supervised FIN7’s hackers, maintained FIN7’s command and control servers, and aggregated stolen payment card information. Crucially, Hladyr was also in control of the criminal organisation’s encrypted instant messaging channel.

Hladyr was the first member of the FIN7 gang to be apprehended when he was arrested in the city of Dresden in 2018, and then extradited from Germany to the United States.

At the end of last week Hladyr was sentenced to prison for ten years for his involvement in the gang’s cybercriminal activities.

“This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems,” said Acting US Attorney Tessa M. Gorman of the Western District of Washington. “This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”

About the author

Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.