Did you have your credit card info stolen from Chili’s, Arby’s, or Chipotle recently? Well, the Department of Justice claims they have some of the perpetrators in custody. Three men are accused of being members a high-profile hacking group responsible for the theft of millions of credit card numbers from more than 100 companies.
The men are all Ukrainian nationals and each was arrested in a different country—Germany, Poland, and Spain. According to the DOJ, they are believed to be members of a hacking group known as FIN7, which is said to have dozens of members and isn’t believed to be tied to any particular government. The men, identified as Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov have been indicted on a total of 26 charges including conspiracy, wire fraud, and computer hacking.
Along with the indictments, the DOJ released an outline of how the group carried out its attacks. It’s a pretty standard phishing scam with an email sent to an employee at a company, which was often accompanied by a phone call to make the email seem more legitimate. When a target clicked on a malicious link, malware would be installed on their system. The hackers would then hoover up credit card numbers and sell them on the dark web. In total, the group is said to have obtained over 15 million credit card records from more than 6,500 point-of-sale terminals.
Other victims included the Red Robin and Jason’s Deli franchises as well as several casinos and hotels. The DOJ says that the group used a front company called Combi Security “to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise.” The company’s now-deleted website allegedly listed some of the group’s victims as past clients.
In March, a man believed to be FIN7's leader—he’s only identified as Denis K—was taken into custody by Europol. Other members are still believed to be at large but, the DOJ said, “the naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise.”