Ukrainian Member of Notorious FIN7 Cybercrime Group Sentenced
Denys Iarmak is the third member of FIN7 to go to prison.
A Ukrainian man called a "pen tester" by his cohorts in the FIN7 cybercrime gang was sentenced to five years in prison for his role hacking for the operation.
Denys Iarmak, 32, was arrested in Bangkok, Thailand, in late 2019. After an initial extradition battle, he was delivered into US custody in May 2020. He pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
FIN7, aka Carbanak Group, for years has wreaked havoc worldwide. In just the US, it has pilfered over 20 million payment card records from more than 3,600 business locations, resulting in more than $1 billion in victim losses. Among the businesses who were hit by FIN7 in the US: Chipotle Mexican Grill, Chili's, Arby's, Red Robin, and Jason's Deli.
Iarmak, who worked with FIN7 from 2016 to 2018, managed the cybercrime organization's hacking operations using the popular Jira project management tool, where the group's members logged and tracked their breaches of victims, uploaded stolen data, and provided assistance to one another. He is now the third member of FIN7 to be sentenced for their crimes.
"Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information," US Attorney Nicholas W. Brown of the Western District of Washington said in a statement announcing the sentencing. "To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecution of co-conspirators. He and others in this cybercrime group used hacking techniques to essentially rob thousands of locations of multiple restaurant chains at once, from the comfort and safety of their keyboards in distant countries."
FIN7 has evolved amid pressure from law enforcement and researchers exposing its activity, from mostly pilfering payment card data to deploying ransomware and double-extortion attacks, for instance. The gang also has added new tools and uses supply chain attacks and stolen credentials to hack into targets.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024