Ukrainians Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, belonged to the gang also known as the Carbanak Group because of the malware that they used.
The US Justice Department said in an indictment that the trio had targeted more than 100 American companies in the gaming, restaurant and hospitality sectors since 2015. Australian agencies also played a role in the arrest.
Fedorov, Hladyr and Kolpakov operated out of Eastern Europe and also attacked companies in the UK, Australia and France. In the US, FIN7 breached networks of companies in 47 states and the District of Columbia, stealing more than 15 million customer card records from 6500 individual PoS terminals at 3600 separate locations.
Hladyr was arrested in Dresden, Germany, and extradited to Seattle, where he is awaiting trial. Fedorov was arrested in Poland and his extradition has been sought by the US. The third man, Kolpakov, was arrested in Spain and his extradition, too, is pending.
The FIN7 gang operated by sending carefully crafted messages to likely victims with Microsoft Word attachments that contained embedded malware. The malware then connected to a command-and-control server and downloaded more malicious software, including the Carbanak malware, which has been used by others in a big transnational attack on the banking industry.
One of the phishing emails used by the gang. Courtesy: US Department of Justice
The gang used a front company, Combi Security, said to be headquartered in Russia and Israel, to disguise their actions and to recruit people to join their criminal enterprise.
“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney-General Brian Benczkowski.
“Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict, and prosecute those responsible for these threats.”
Australian Law Enforcement and Cyber Security Minister Angus Taylor said: “This operation is a great example of how the Australian Government is targeting cyber criminals wherever they are. FIN7 is accused of hacking systems and stealing millions of customer credit and debit card details.
“Australian agencies are deploying their most sophisticated cyber capabilities, combined with traditional police work, to go after criminals and stop them from targeting Australia.
“International crime requires an international response. There is an ongoing global effort to crack down on cyber criminals who are targeting our businesses and hardworking Australians.
“Australia has helped deal a body blow to a prolific international hacking group.”