[BreachExchange] Member of hacking group sentenced for scheme that compromised more than $1 billion

[Matthew Wheeler]

https://www.kiro7.com/news/local/member-hacking-group-sentenced-scheme-that-compromised-more-than-1-billion/FM7NQHDJ3JBZLJY57YLSXJABU4/

Member of hacking group sentenced for scheme that compromised more than $1
billion



By KIRO 7 News Staff

April 07, 2022 at 12:32 pm PDT

A Ukrainian man was sentenced Thursday in the Western District of
Washington to five years in prison for his work with the hacking group FIN7.

The Department of Justice says 32-year-old Denys Iarmak served as a
high-level hacker who was referred to as a “pen tester” for FIN7.

He was arrested in Bangkok in November 2019.

In the United States alone, FIN7 successfully breached computer networks of
businesses in all 50 states and the District of Columbia, with more than 20
million customer card records from over 6,500 individual point-of-sale
terminals across 3,6000 separate business locations.

According to court documents, victims’ losses exceeded $1 billion.

Companies that have publicly disclosed attacks attributable to FIN7 include
Chipotle Mexican Grill, Arby’s, and Red Robin.

Iarmak is the third member of the hacking group to be sentenced in the U.S.
On April 16, 2021, Fedir Hladyr was sentenced to 10 years in prison; on
June 24, 2021, Andrii Kolpakov was sentenced to seven years.


“Mr. Iarmak was directly involved in designing phishing emails embedded
with malware, intruding on victim networks, and extracting data such as
payment card information,” said U.S. Attorney Nicholas W. Brown of the
Western District of Washington. “To make matters worse, he continued his
work with the FIN7 criminal enterprise even after the arrests and
prosecution of co-conspirators. He and others in this cybercrime group used
hacking techniques to essentially rob thousands of locations of multiple
restaurant chains at once, from the comfort and safety of their keyboards
in distant countries.”

Iarmak was involved with FIN7 from around November 2016 through November
2018.

Following his arrest in Bangkok, Iarmak fought extradition but was
eventually transferred to U.S. custody in May 2020.

In November 2021, he pleaded guilty to one count of conspiracy to commit
wire fraud and one count of conspiracy to commit computer hacking.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220408/e8c08161/attachment.html>