Andrii Kolpakov, a 33-year-old Ukrainian national, was sentenced in the Western District of Washington to seven years in prison for his role in the criminal work of the hacking group FIN7.
According to court documents, Kolpakov, who has used several different names, served as a high-level hacker, whom the group referred to as a “pen tester,” for FIN7 from 2016 to 2018. He was arrested by authorities in Lepe, Spain, in 2018 and extradited to the US in 2019.
In 2020, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
How the FIN7 Hacking Group Works
Since at least 2015, members of FIN7 have engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, mainly in the restaurant, gambling, and hospitality industries.
FIN7 has hacked into thousands of computer systems and stolen millions of customer credit and debit card numbers that were then used or sold for profit.
The group carefully crafted email messages that would appear legitimate to a business’s employees and accompanied the emails with telephone calls intended to further legitimize them.
Once an employee opened the attached file, FIN7 would use an adapted version of the Carbanak malware, in addition to an arsenal of other tools, to access and steal payment card data for the business’s customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces.
In the United States alone, FIN7 has breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. According to court documents, victims incurred huge costs that exceeded $1 billion.
Kolpakov’s Involvement With FIN7
Kolpakov was involved with FIN7 from 2016 until his arrest in June 2018. He managed other hackers tasked with breaching the security of victims’ computer systems.
He was assigned to supervise and train new recruits, and he kept his team members apprised of the latest tools and developments in FIN7’s phishing campaigns and malware arsenal.
According to the documents, Kolpakov received compensation for his participation in FIN7 that far exceeded pay for comparable legitimate employment in Ukraine. FIN7 members, including Kolpakov, were aware of reported arrests of other FIN7 members but continued to attack U.S. businesses.
According to the Justice Department, “during his time with FIN7 the gang’s attacks resulted in over $100 million in losses to various financial institutions, merchant processors, insurance companies, retail companies, and individual cardholders.” He has now been sentenced to seven years in prison and ordered to pay $2.5 million in restitution.