dark reading threat intel and cybersecurity news

A Ukrainian man called a “pen tester” by his cohorts in the FIN7 cybercrime gang was sentenced to five years in prison for his role hacking for the operation.

Denys Iarmak, 32, was arrested in Bangkok, Thailand, in late 2019. After an initial extradition battle, he was delivered into US custody in May 2020. He pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

FIN7, aka Carbanak Group, has wreaked havoc worldwide for years. In the US alone, it has pilfered over 20 million payment card records from more than 3,600 business locations, resulting in more than $1 billion in victim losses. Among the businesses hit by FIN7 in the US: Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.

Iarmak, who worked with FIN7 from 2016 to 2018, managed the cybercrime organization’s hacking operations using the popular Jira project management tool, where the group’s members logged and tracked their breaches of victims, uploaded stolen data, and provided assistance to one another. He is now the third member of FIN7 to be sentenced for their crimes.

“Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information,” US Attorney Nicholas W. Brown of the Western District of Washington said in a statement announcing the sentencing. “To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecution of co-conspirators. He and others in this cybercrime group used hacking techniques to essentially rob thousands of locations of multiple restaurant chains at once, from the comfort and safety of their keyboards in distant countries.”

Amid pressure from law enforcement and from researchers exposing its activity, FIN7 has evolved, for instance from mostly pilfering payment card data to deploying ransomware and double-extortion attacks. The gang has also added new tools and uses supply chain attacks and stolen credentials to hack into targets.