System Admin of FIN7 Hacking Group

Fedir Hladyr, 35, a Ukrainian national, served as a high-level manager and systems administrator for FIN7.  He was arrested in Dresden, Germany, in 2018 at the request of U.S. law enforcement and was extradited to Seattle. 

In September 2019, he pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. 

The Chief U.S. District Judge Ricardo S. Martinez said, “Cybercrime has become the greatest threat to American’s financial health, and citizens around the globe.”

Acting U.S. Attorney Gorman says, “This criminal organization had more than 70 people organized into business units and teams.  Some were hackers, others developed the malware installed on computers, and still, others crafted the malicious emails that duped victims into infecting their company systems. 

“This defendant worked at the intersection of all these activities and thus bears a heavy responsibility for billions in damage caused to companies and individual consumers.”

FIN7 Hacking Group

Record says FIN7 members (also referred to as Carbanak Group and the Navigator Group, among other names) engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, predominantly in the restaurant, gaming, and hospitality industries. 

FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were used or sold for profit. They have launched numerous waves of malicious cyberattacks on numerous businesses operating in the United States and abroad. 

FIN7 cautiously crafted email messages that would appear legitimate to a business’s employees and accompanied emails with telephone calls intended to further legitimize the email. 

Once an attached file was opened and activated, FIN7 would use an adapted version of the notorious Carbanak malware in addition to an arsenal of other tools ultimately to access and steal payment card data for the business’s customers.

FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.  Additional intrusions occurred abroad, including in the United Kingdom, Australia, and France.

“These cyber thieves orchestrated an elaborate network of hackers and systems to infiltrate businesses and exploit consumers’ personal information,” said Donald M. Voiret, FBI Special Agent in Charge of the Seattle Field Office.  “Their specialized skills to target certain industries amplified the damage exponentially.

System Administrator Sentenced to 10 Years in Prison

Hladyr at first joined FIN7 via a front company called Combi Security—a fake cybersecurity company that had a phony website and no legitimate customers. 

He served as FIN7’s systems administrator who, among other things, played a central role in aggregating stolen payment card information, supervising FIN7’s hackers, and maintaining the elaborate network of servers that FIN7 used to attack and control victims’ computers.  He also controlled the organization’s encrypted channels of communication.

Chief Judge Martinez said he was cognizant of the “ease of sitting at a keyboard and stealing money from people around the globe” and emphasized that would-be cybercriminals “must understand that, once caught, the punishment will be significant.”  The judge also ordered Hladyr to pay $2.5 million in restitution.

German law enforcement authorities provided significant assistance by arresting Hladyr. He was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7, aka Carbanak.

Also Read

22-year-old Charged for Hacking into Public Watering Systems

SpaceX Engineer Pleads Guilty for Insider Trading on the Dark Web

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.