Three members of a sophisticated international operation based in Eastern Europe have been arrested and face charges in federal court in Seattle, officials said Wednesday. (Aug. 1)

Three top  of the sophisticated cybercrime group FIN7, operating out of Eastern Europe, have been arrested on charges of stealing 15 million credit card records by such U.S. companies as Chipotle Mexican Grill, Chili’s, and Arby’s, Justice Department officials said Wednesday.

Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30, all Ukrainian nationals, are each charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft, according to Assistant Attorney General Brian A. Benczkowski. 

Fedorov was arrested in Poland, where he awaits extradition, while Hladyr was taken into custody in Germany in January, and Kolpakov in Spain in June.

According to federal indictments unsealed Wednesday, FIN7 has operated since 2015, engaging in a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.

The indictments charge that FIN7, also known as Carbanak Group and the Navigator Group, hacked into thousands of computer systems and stole millions of customer credit and debit card numbers, which the group used or sold for profit. 

According to the charges, the hackers breached computer networks of companies in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. They also hit computers in the United Kingdom, Australia, and France.

Companies that have publicly disclosed hacks attributable to FIN7 include such chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli. 

Justice Department officials said FIN7 used a front company, Combi Security, purportedly headquartered in Russia and Israel, to provide a “guise of legitimacy” and to recruit hackers to join the criminal enterprise. Combi Security’s website indicated that it also provided a number of security services such as penetration testing.  Ironically, the sham company’s website listed multiple U.S. victims among its purported clients, according to the Justice Department. 

The probe was conducted by the Seattle CyberTaskForce of the FBI and and the U.S. Attorney’s Office for the Western District of Washington, officials said.

Read or Share this story: