Fedir Hladyr, a Ukrainian citizen, is claimed to have operated as a high-level manager and systems administrator for the FIN7 cyber crime group, which was also known as the Carbanak Group. The other members of the group who were indicted are also Ukrainians: Dmytro Fedorov and Andrii Kolpakov, the US Department of Justice said in a statement on Friday.
Hladyr was arrested in Dresden, Germany, on an American request and extradited to the US in 2018. In September 2019, he pleaded guilty to conspiracy to commit wire fraud and conspiracy to break into computers.
Since 2015, the FIN7 gang used malware which they developed to attack more than 100 US companies, predominantly in the restaurant, gaming and hospitality industries. Firms that have disclosed attacks linked to FIN7 include Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.
Once an attached file was opened and activated, FIN7 would use an adapted version of the notorious Carbanak malware, in addition to an arsenal of other tools, ultimately to access and steal payment card data of the business’s customers. Since 2015, many of the stolen payment card numbers had been offered for sale through online underground marketplaces.
The DoJ said Hladyr had joined FIN7 through a front company known as Combi Security, which posed as a cyber security shop.
“This criminal organisation had more than 70 people organized into business units and teams,” said acting US Attorney Tessa Gorman.
“Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems.
“This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”