DOJ arrests three Ukrainians allegedly tied to FIN7 hacking gang
Three Ukrainians accused of hacking vast quantities of financial data from U.S. businesses have been indicted, the Department of Justice announced on Wednesday.
The individuals arrested are Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30. The trio are allegedly part of a hacking group called “FIN7” by the government, but more widely known as Carbanak, a group that allegedly stole billions from worldwide banks and tens of millions of dollars from U.S. companies since the group’s inception in 2014.
Carbanak boasts dozens of members and a complex organization which, prosecutors say, the three arrested men helped manage and control.
“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney General Brian Benczkowski.
The three men are charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.
Hladyr, who allegedly acted as the system administrator of the group, was arrested in January 2018 while on vacation in Germany with his family, his lawyer, Arkady Bukh, told CyberScoop. Eight months later, the defense team is now is in the midst of sorting through the “humongous discovery.”
Ukraine does not extradite its own citizens so the U.S. targets accused criminals like Hladyr when they cross into countries, like Germany, with an active mutual legal assistance treaty with the United States.
Hladyr’s family quickly returned to the Ukraine and retained Bukh, a U.S.-based lawyer that has represented a number of Eastern Europeans charged with hacking crimes.
Hladyr was a computer analyst and administrator in Ukraine, according to Bukh.
The trial is scheduled for October 22, but Bukh expressed doubts that the trial will take place that quickly and said it wasn’t even clear that this would go to trial.
“Discovery is so large that we can’t conclusively say if we will go to trial or make a plea,” Bukh said. “We don’t know what we’re doing yet, we’re just going over the volume of discovery.”
Hladyr is a “mentally strong man,” Bukh said, who is aiding his lawyers in his defense.
Fedorov, who allegedly fulfilled hacking and supervisory roles in the group, was arrested in Bielsko-Biala, Poland where he remains pending extradition.
Another alleged supervisor, Ukrainian Andrii Kolpakov, was arrested in in Lepe, Spain.
The group employed spearphishing attacks against targeted businesses, particularly aimed at gaming, hospitality and restaurant companies. Specially crafted emails that were built to look legitimate contained malicious software known as Carbanak. That software allowed the hackers to steal financial data that was then sold in online underground marketplaces.
Carbanak also created Combi Security as a front company allowing the recruitment of hackers and a guise of legitimacy. The company was headquartered in Moscow, and had offices in Haifa, Israel and Odessa.
You can read each of the indictments below.
[documentcloud url=”http://www.documentcloud.org/documents/4627022-Federov-Superseding-Indictment-0.html” responsive=true height=500]
[documentcloud url=”http://www.documentcloud.org/documents/4627023-Hladyr-Superseding-Indictment-0.html” responsive=true height=500]
[documentcloud url=”http://www.documentcloud.org/documents/4627024-Kolpakov-Indictment-0.html” responsive=true height=500]