FIN7 – also known as Carbanak Group and the Navigator Group – has stolen more than $1 billion from U.S. citizens and organizations in a long-running computer-hacking campaign, the U.S. Department of Justice (DOJ) said in a statement last week.
Ukrainian national Andrii Kolpakov was an active hacker and “pen tester” for the group from at least April 2016 until his arrest in Spain in June of 2018. Pen testing, or penetration testing, is a method of evaluating the security of an IT system.
Kolpakov pleaded guilty to conspiracy to commit wire fraud and conspiracy to commit computer hacking in 2020, after his extradition to the U.S.
Dozens of members of FIN7 stole from hundreds of companies in the United States using sophisticated malware to infiltrate thousands of computer systems and steal millions of customer credit and debit card numbers, according to the DOJ.
"FIN7 carefully crafted email messages that would appear legitimate to a business’s employees and accompanied emails with telephone calls intended to further legitimize the emails,” U.S. prosecutors said.
"Once an attached file was opened and activated, FIN7 would use an adapted version of the Carbanak malware, in addition to an arsenal of other tools, to access and steal payment card data for the business’s customers."
The stolen credentials were then either used by the crime group or sold on for profit. Since 2015, the group successfully breached the computer networks of businesses in all 50 U.S. states and Washington, D.C., stealing more than 20 million customer card records.
The Ukranian crime syndicate – which is considered to be one of the most successful hacking groups in the world – mostly targeted companies in the restaurant, gambling and hospitality industries, including popular American fast food chains like Chipotle Mexican Grill, Chili’s, Arby’s, and Red Robin. FIN7’s cybercrime campaign was not confined to the U.S., however, as the group also attacked companies in Australia, France and the United Kingdom.