A Ukrainian was sentenced today in the Western District of Washington to five years in prison for his criminal work with the FIN7 hacking group.
According to court documents, 32-year-old Denys Iarmak was a high-profile hacker, whom the group called a “pen tester,” for FIN7. He was arrested in Bangkok, Thailand in November 2019 at the request of US law enforcement. Iarmak is the third FIN7 member to be sentenced in the United States. On April 16, 2021, Fedir Hladyr, a member of FIN7, was sentenced to 10 years in prison. On June 24, 2021, FIN7 member Andrii Kolpakov was sentenced to seven years in prison.
In the United States alone, FIN7 has successfully breached corporate computer networks in all 50 states and the District of Columbia, stealing over 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 distinct business locations. According to court documents, the victims incurred enormous costs which, by some estimates, exceeded $1 billion. Other intrusions have occurred overseas, including in the UK, Australia and France. Companies that have publicly disclosed hacks attributable to FIN7 include chains such as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.
“Iarmak and his conspirators compromised millions of financial accounts, causing more than $1 billion in losses to Americans and costs to the American economy,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Department of Justice’s Criminal Division. “Protecting businesses – large and small – online is a top priority for the Department of Justice. We are committed to working with our international partners to hold these cybercriminals accountable, no matter where they live or how anonymous they think they are.”
“Iarmak was directly involved in designing phishing emails embedded with malware, breaking into victims’ networks and extracting data such as payment card information,” said U.S. Attorney Nicholas W. Brown of the Western District of Washington. “To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecutions of the co-conspirators. He and other members of this cybercrime group used hacking techniques to essentially steal thousands of multi-chain restaurant locations at once, from the comfort and safety of their keypads in faraway lands.”
“This cybercriminal probed and mapped victim networks looking for data to exploit,” said Special Agent in Charge Donald M. Voiret of the FBI’s Seattle Field Office. “Masking themselves as a legitimate company, the hacking group to which he belonged recruited other members to assist them in their criminal activities. Thanks to the hard work of law enforcement, this defendant, who is responsible for a huge amount of loss, will spend the next few years in prison.”
According to court documents, since at least 2015, members of FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names) have engaged in a highly sophisticated malware campaign to attack hundreds of American businesses, primarily in the catering, gambling, and hospitality industries. FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers which were then used or sold for profit. FIN7, through its dozens of members, has launched waves of malicious cyberattacks on numerous companies operating in the United States and abroad. To execute its scheme, FIN7 carefully crafted emails that would appear legitimate to a company’s employees and accompanied the emails with phone calls intended to further legitimize the emails. Once a file attached to a fraudulent email was opened and activated, FIN7 used a tailored version of the Carbanak malware, in addition to an arsenal of other tools, to access and steal the payment card data of the company’s customers. Since 2015, many stolen payment card numbers have been offered for sale in online underground markets.
Iarmak was involved with FIN7 from approximately November 2016 to November 2018. Iarmak frequently used project management software such as JIRA, hosted on virtual private servers in various countries, to coordinate FIN7’s malicious activities and manage various network intrusions. JIRA is a project management and issue tracking program used by software development teams. JIRA allows team members to create “projects” containing published “issues” under which other team members can comment and share data. Under each issue, FIN7 members tracked their progress in breaching a victim’s security, uploaded data stolen from the victim, and counseled each other. By way of example, Iarmak created a JIRA issue, which he and other cybergroup members had access to, for a specific victim company, and on or about March 3, 2017, Iarmak updated that JIRA issue and downloaded the data he had stolen from this company. Over the course of the scheme, Iarmak received compensation for his participation in FIN7, which far exceeded comparable legitimate employment in Ukraine. Additionally, FIN7 members, including Iarmak, were aware of the reported arrests of other FIN7 members, but continued to attack American businesses nonetheless.
Iarmak initially fought extradition, but in February 2020 he consented to extradition in a Thai court. In May 2020, he was transferred to the United States. In November 2021, Iarmak pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
This case is the result of an investigation by the FBI’s Seattle Cyber Task Force. The Department of Justice’s Bureau of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security companies and financial institutions, FBI offices across the country and around the world, as well as a number of international agencies provided significant assistance. Thai law enforcement authorities provided significant assistance in arresting Iarmak.
This case was prosecuted by Assistant U.S. Attorney Steven Masada of the Western District of Washington and Attorney General Anthony Teelucksingh of the Criminal Division’s Computer Crime and Intellectual Property Section.