A Ukrainian national was arrested last week in Seattle for his alleged involvement in hacking operations run by FIN7, a syndicate known for stealing approximately $1 billion from its victims in the United States.
According to court documents obtained by CyberScoop, Denys Iarmak has been charged with conspiracy to commit computer hacking, accessing a protected computer to commit fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft.
The arrest is a significant move against the financially motivated FIN7, which has targeted the hospitality and gaming industries in the last several years. FIN7 has gone after restaurants including Chipotle, Red Robin and Taco John, as well as a credit union and a casino.
According to the court documents, Iarmak was part of a scheme where operators allegedly ran spearphishing campaigns to gain unauthorized access to victim computers, deploy malware, conduct surveillance, and steal credentials, credit and debit cards, and other personally identifiable information.
On multiple occasions, Iarmak allegedly provided other members of FIN7 with information that was stolen from victim companies, the indictment says. Iarmak also had access to dozens of folders containing information about victims through JIRA, a software project management portal FIN7 is known to use to manage its schemes.
The arrest is part of an effort to take down the entire group. Last September, an accused administrator working for FIN7 pleaded guilty to hacking-related charges in Washington.
Despite the arrests, the group is still “extremely active,” according to the FBI special agent who wrote the criminal complaint.
“The hacking group continues to launch extensive phishing attacks and steal point-of-sale information from businesses such as fast food restaurants that process a large volume of point-of-sale transactions,” the complaint reads.
And although FIN7 is known for its targeting of the hospitality industry, the complaint says the group has recently expanded its operations to also victimize law firms. In recent weeks, the group has resorted to sending malware-filled USB drives to its victims via snail mail.
“Additional phishing campaigns also indicate that the hacking group has expanded its reach, and is now attacking victims such as law firms and other service providers with access to customer list or confidential financial information,” the complaint reads.
You can read the indictment in full at http://www.documentcloud.org/documents/6928399-Iarmak-Fin7-Indictment.html