FIN7 hacking group member sentenced to five years behind bars

A Ukrainian citizen has been convicted as a member of the FIN7 hacking group.

On Thursday, the United States Department of Justice (DoJ) announced that Denys Iarmak had been sentenced to five years in prison for working as a FIN7 penetration tester.

FIN7, also known as Carbanak, is a prolific cybercriminal group focused on financial theft. FIN7 has been in business since at least 2015 and tends to target the retail and banking sectors through Business Email Compromise (BEC) scams, attacks on point-of-sale (PoS) systems and supply chain compromise.

The group is constantly evolving its tactics and improving its toolkit. Malware used by the group includes backdoors, information stealers, trojans, RDP access modules, and even malicious USB drives that are physically mailed to unsuspecting companies.

Blueliv researchers say FIN7 is one of the biggest threats to the financial industry today. The DoJ estimates at least $1 billion in damage has been done to U.S. organizations and consumers.

Prosecutors say Iarmak worked as a pen tester for the group. In the cybersecurity field, pen testers may be tasked with software and security testing, but in this case, the 32-year-old was responsible for managing network intrusions.

One of his tasks was to set up ‘intrusion projects’ in JIRA to track the group's cyber attacks, including initial access, monitoring progress and data theft. Group members could comment on each project and give each other advice.

“For example, Iarmak created a JIRA issue, which he and other members of the cybergroup had access to, for a specific victim company, and on or about March 3, 2017, Iarmak updated that JIRA and uploaded data he had stolen from that company,” says the DOJ.

While prosecutors did not say how much Iarmak earned, they noted that his salary was “far higher than comparable legitimate work in Ukraine.”

Iarmak was apprehended and arrested in Bangkok, Thailand in 2019. The hacker fought extradition but was sent to the US in 2020.

He was charged with, and pleaded guilty to, one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

The DoJ began arresting FIN7 members in 2018. To date, three have been convicted in the United States. Iarmak joins Fedir Hladyr, who was sentenced to 10 years behind bars, and Andrii Kolpakov, who will serve a seven-year prison term.

“Iarmak was directly involved in designing phishing emails that were embedded with malware, penetrating victim networks and extracting data such as payment card information,” said US attorney Nicholas Brown of the Western District of Washington. “To make matters worse, he continued his work for the criminal enterprise FIN7 even after the arrests and prosecution of co-conspirators.”
