On Thursday, the US Department of Justice (DoJ) named Andrii Kolpakov, a 33-year-old from Ukraine, as a past member of FIN7 who served as an attacker internally referenced as a penetration tester. According to US prosecutors, Kolpakov was involved in FIN7 from at least April 2016 until his arrest in June 2018, when he was picked up by law enforcement in Spain and extradited to the United States a year later. The former hacker managed teams of attackers responsible for compromising the security of target systems, including businesses in the US. FIN7, also sometimes referred to as Carbanak, specialized in the theft and sale of consumer records from Point-of-Sale (PoS) systems from companies. Malware used by the group would be used to harvest payment card details that were then used to conduct fraudulent transactions or were sold on. One common attack method employed by FIN7 was Business Email Compromise (BEC), in which phishing emails were sent to employees of a target company containing a malicious file. This attachment contained a variant of the Carbanak malware. The DoJ estimates that in the US alone, over 6,500 PoS systems at more than 3,600 business locations were infiltrated by FIN7, leading to the theft of tens of millions of debit and credit cards, as well costs of over $1 billion that had to be shouldered by victims. Additionally, the threat actors have been connected to attacks against organizations in Australia, France, and the United Kingdom. When it comes to Kolpakov’s earnings, prosecutors claim that his pay “far exceeded comparable legitimate employment in Ukraine.” “Moreover, FIN7 members, including Kolpakov, were aware of reported arrests of other FIN7 members, but nevertheless continued to attack US businesses,” the DoJ added. In June 2020, Kolpakov pleaded guilty to one count of conspiracy to commit wire fraud and a further count of conspiracy to commit computer hacking. He has now been sentenced to seven years in prison and has been ordered to pay $2.5 million in restitution. Europol and the DoJ have both been involved in multiple FIN7 arrests. In April, another Ukrainian national, Fedir Hladyr, was sentenced to 10 years behind bars for acting as a FIN7 systems administrator.
Previous and related coverage
‘High-level’ organizer of FIN7 hacking group sentenced to 10 years in prisonGlobal threat group Fin7 returns with new SQLRat malwareDOJ arrests three Ukrainian nationals from Fin7 cybercrime group
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0