Thursday, February 13, 2025
HomeSecurity HackerThree Members of Fin7 Hacker Group Charged With Stealing 15 Million Payment...

Three Members of Fin7 Hacker Group Charged With Stealing 15 Million Payment Cards

Published on

SIEM as a Service

Follow Us on Google News

The US Department of Justice charges three members from the infamous FIN7 hacker group, also referred as Carbanak Group. The Carbank hacker group is active since 2013 have attempted attacks against various banks, financial institutions, the e-payment gateway with their well-designed malware dubbed Cobalt.

The three accused are Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30. FIN7 members engaged in a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries. reads DOJ Statement.

Also, the group targeted hacked into thousand’s of computers and stolen millions of payment card and sold them in dark web. FIN7 hacker group launched numerous waves of cyber attacks on businesses in the US and across the world.

With all of their attack, they use to send carefully crafted spear-phishing emails with malicious attachments to gain access to the victim’s systems, once the hacker group gained access they steal payment card details.

Within united states itself, the group breached computer networks on companies in 47 states, 15 million payment card details from over 6,500 PoS terminals at 3,600 separate business locations.

Fin7 Hacker Group

All the three arrested FIN7 members charged with 26 felony counts for wire fraud, computer hacking, access device fraud, and aggravated identity theft.

Fedir Hladyr served as systems administrator who maintains their server and the communication channels. He was arrested in Germany.

Fedorov a highly skilled hacker who supervised the hacking activity of the victims’ computer systems. he was arrested in Poland. Kolpakov was also a supervisor, he was arrested in Spain.

The FIN7 hacking group hides their activities by running a security company “Combi Security” and they recruit hackers to join the criminal enterprise.

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” said Special Agent in Charge Tabb.

Also Read

Russian APT28 Hacking Group Tracked Using a Variant X-Agent Delivering Via JPG File

Hacking Group “RANCOR” Identified Using Malware Families LAINTEE and DDKONG

Chinese Hacking group ‘Thrip’ Targets Satellite communications, Telecoms, and Defense Companies

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical Chrome Flaw Allows Attackers to Remotely Execute Code

Google has released an urgent update for its Chrome browser to address a critical...

Global IoT Data Leak Exposes 2.7 Billion Records and Wi-Fi Passwords Worldwide

A massive security lapse has exposed over 2.7 billion records, including sensitive Wi-Fi credentials,...

Palo Alto PAN-OS Zero-Day Flaw Allows Attackers to Bypass Web Interface Authentication

Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing...

Enhancing Threat Detection With Improved Metadata & MITRE ATT&CK tags

The cybersecurity landscape continues to evolve rapidly, demanding more sophisticated tools and methodologies to...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

INDOHAXSEC Hacker Group Allegedly Breaches Malaysia’s National Tuberculosis Registry

The Indonesian hacker group "INDOHAXSEC" has allegedly breached the National Tuberculosis Registry (NTBR) of...

Europe’s Most Wanted Teenage Hacker Arrested

Julius “Zeekill” Kivimäki, once Europe's most wanted teenage hacker, has been arrested.Kivimäki, known for his involvement with the notorious Lizard Squad,...

MySQL Security Best Practices Guide – 2024

MySQL stands out for its reliability and efficiency among the various database systems available....