Head of a dangerous hacking group is arrested; faces sentence of up to 10 years in prison

The U.S. Department of Justice (DOJ) announced that Ukrainian citizen Fdir Hladyr, recognized as one of the most important operators of the advanced hacking group FIN7 was sentenced to 10 years in prison for his involvement in the multiple attacks orchestrated by this cybercriminal group.

Hladyr was arrested in 2018 in Germany and extradited to the U.S. soon after. In September 2019, the defendant pleaded guilty to conspiracy to commit electronic fraud and illegitimate access to protected computer systems.

The defendant served as system administrator of the hacking group, actively participating in the collection of confidential information such as stolen payment card numbers, as well as deploying the network of servers employed by FIN7 to perform its malicious activities and operate encrypted communication channels.

The defendant was sentenced to ten years in prison after the presentation of evidence collected by the Seattle Cyber Working Group and the U.S. Attorney’s Office for Washington. The DOJ and police agencies in Germany also worked importantly on this investigation. 

About FIN7, cybersecurity experts mention that the hacking group has at least 70 members divided into teams dedicated to activities such as malware development, phishing campaign deployment and online account engagement. Interim Prosecutor Tessa Gorman says: “The defendant has actively worked on these activities, so we can give him great responsibility for the millions of dollars in losses experienced by affected individual organizations and users.”

This group, also identified as Carbanak or Navigator Group, has participated in multiple malware campaigns against targets around the world at least since 2015, counting betting companies, hotel chains and restaurants among its main objectives. FIN7 has also operated major financial information theft campaigns for later sale in hacking forums. DOJ reports mention that FIN7 has stolen more than 20 million payment cards by committing some 6,000 malware-infected point-of-sale terminals.

As mentioned above, these hackers have operated to the need since 2015 in countries such as the United States, Australia, France, the United Kingdom and other sectors of Europe. Among FIN7’s most recent victims are companies such as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.