Second member of the FIN7 cybercrime group has been arrested

Jun 28, 2021 07:35 GMT

A Ukrainian operative of the FIN7 cybercrime group has been sentenced to seven years in prison for running a criminal scheme that allowed FIN7 to hack millions of customers' credit and debit cards, as reported by The Hacker News.

As a member of the organization from April 2016, the defendant was responsible for other hackers charged with spreading malware capable of obtaining financial information. Kolpakov was ordered to pay $2.5 million in restitution by the Western District of Washington.

Andrii Kolpakov, 33, was detained on June 28, 2018, and one year later authorities successfully extradited him to the U.S. In June 2020, Kolpakov pleaded guilty to conspiracy to commit wire fraud and conspiracy to commit computer hacking.

Other members of the organization who have been arrested were responsible for other hackers accused of breaking into point-of-sale systems in the United States and overseas to spread malware capable of obtaining financial information. FIN7 used a company called Combi Security as a front to recruit hackers.

FIN7 has been involved in various malware campaigns

The Department of Justice explained in a release, "FIN7 carefully crafted email messages that would appear legitimate to a business's employees and accompanied emails with telephone calls intended to further legitimize the emails".

"Once an attached file was opened and activated, FIN7 would use an adapted version of the Carbanak malware, in addition to an arsenal of other tools, to access and steal payment card data for the business's customers".

In the US, FIN7 is believed to have been behind a complex malware campaign that targeted the gaming, restaurant, and hospitality industries to steal credit and debit card numbers. They used the card numbers in underground forums or sold them for profit.

Following Kolpakov's arrest and conviction, the FIN7 group has now had two more members convicted in the United States this year. Fedir Hladyr is one example. He was sentenced to ten years in prison just a few months ago for his role as a top cybercrime manager who was in charge of maintaining the server infrastructure that FIN7 used to hack into and take control of the devices of its victims.