Authorities are one step closer to curbing the notorious hacking crew Fin7, which has pulled in as much as a billion dollars' worth of illegal revenue, after arresting an alleged member.
This arrest follows previous ones made in 2018 by the U.S. Justice Department, which arrested three Ukrainians for their roles as I.T. administrators in Fin7. Of the three arrested, one, Fedir Hladyr, pleaded guilty to the accusations.
Seamus Hughes, deputy director of the program on extremism at George Washington University, discovered and shared the court docket with journalists. The unsealed court records listed the criminal pattern and relevant information about the criminal activities of the infamous group. From the records:
- The group’s M.O. involves sending spoofed emails to unsuspecting recipients, who install the malware and so give the group access to their systems. The stolen credit cards ended up on Joker’s Stash (a cybercriminal marketplace). The group also targeted public enterprises like Whole Foods, Trump’s Place, Jason’s Deli, Arby’s, and casinos.
- The arrested Ukrainian, Denys Iarmak, who also went by GakTus, was extradited from Thailand.
The complaint laid against Iarmak reads, “Like other members of the group, IARMAK provided his true name to receive payment for his work in furtherance of the group.” It also adds, “in chat logs dating from 2017, Iarmak provided another member of Fin7 with user credentials for a compromised U.S. business as well as internal system information from a target.”
In a redacted version of the November 2019 complaint against Iarmak, FBI Special Agent Briana L. Neumiller wrote, “the hacking group remains incredibly active.”
The group is professional and has an organized administrative system that monitors its I.T. infrastructure. It uses sophisticated apps, like HipChat and JIRA, for interviews and for flagging issues to one another. One of the techniques used allows the group to determine whether an antivirus (A.V.) product detects its malware as malicious. To lend credence to his organization, Iarmak contracted a cybersecurity firm to develop an antivirus program and even created fake penetration testing companies, all to make the organization look legit.