Ukrainian citizen and supervisor of a hacker group FIN7 he was sentenced to seven years in prison for his role as a “pen tester” and compromising the debit and credit cards of tens of millions of users.
Andrej Kolpakov (33) was arrested in Spain on June 28, 2018, and then extradited to the United States on June 1, 2019. In June 2020, Kolpakov pleaded guilty.
The court also ordered Kolpakov to pay $ 2.5 million in damages.
Defendant, who was linked to the FIN7 group from April 2016 until his arrest, led other hackers tasked with hacking companies ’PoS systems, and installing malware to steal financial information.
The FIN7 group, also known as Anunak, Carbanak and Navigator, is responsible for the sophisticated campaign of attacks it has carried out since 2015, attacking primarily restaurants, hotels, casinos and other companies with a high frequency of PoS transactions.
FIN7 used Combi Security to recruit hackers, one of whom was Kolpakov himself, to secure a veil of legitimacy for an essentially illegal company, presenting itself as “one of the leading international companies” offering penetration testing services to customers around the world.
FIN7 sent carefully written e-mails, as it would have previously gathered the information about the company necessary to make the e-mails it sent to employees look like normal business correspondence. Spear fišing e-mailove which the group sent to company employees was followed by phone calls by which hackers tried to give additional legitimacy to e-mails and persuade employees to open them along with an attachment containing malware. When an employee opened a file in an email, the malware would be activated and the group could then connect to the infected computer, install additional malware on it, and move through the company network. The malware allowed hackers to monitor employees in companies, and to steal login information from them. In the final phase of the attack, FIN7 would locate PoS systems with user data, and steal data from payment cards. For all this, the group used Carbanak malware, in addition to the arsenal of other tools.
The stolen data was sold on hacker forums, and those who bought it could perform unauthorized transactions with them.
The total damage resulting from these attacks exceeds one billion dollars, the US Department of Justice said.
Kolpakov is the second member of the FIN7 group to be convicted in the United States since the beginning of the year. In April, another 35-year-old Ukrainian citizen, Fedir Hladir, was sentenced to 10 years in prison as a manager and system administrator responsible for maintaining the server infrastructure used by the FIN7 group to attack and control victims’ devices.
Source: Informacija.rs by www.informacija.rs.
*The article has been translated based on the content of Informacija.rs by www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!