The hacker who stole billions of dollars from banks, businesses and users has finally been arrested

The U.S. Department of Justice (DOJ) announced that a Ukrainian citizen has been sentenced to seven years in prison for his participation in the hacking group FIN7. Andrii Kolpakov, 33, used multiple identities during his time as a high-level hacker for this dangerous cybercriminal group.

The defendant was arrested in Spain in June 2018 and extradited to the U.S. in June 2019. Kolpakov pleaded guilty to conspiracy to commit wire fraud and illegal access to protected computer systems.

FIN7’s activity was first documented in 2015, when the group operated a malware campaign that compromised the systems of hundreds of companies in the United States, mainly in the hotel and gaming industry. FIN7 sent carefully crafted emails that would appear legitimate to employees of the affected companies. These messages contained a file infected with an improved version of the Carbanak malware, which the group used alongside many other hacking tools to steal confidential information from the affected companies.

The hackers turned these attacks into profits primarily by selling payment card numbers and sensitive information on dark web hacking forums.

The DOJ mentions that, in the U.S. alone, FIN7 compromised the computer networks of companies in all 50 states and the District of Columbia, stealing more than 20 million payment card records through the attack on nearly 7 thousand point-of-sale (PoS) terminals in more than 3 thousand different locations, which represented losses of about a billion dollars.

Among the companies that have confirmed FIN7 attacks are some of the major restaurant chains in the U.S., including Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.

Kolpakov worked for FIN7 from April 2016 until his arrest in June 2018, collaborating with other hackers tasked with breaching the security of vulnerable computer systems. Although Kolpakov and his associates had been aware of the arrests of some FIN7 members since the beginning of 2018, they continued to attack multiple companies in the U.S. and other countries until the time of their arrest.
