
Fin7 hacker sentenced to 5 years in prison

A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring.

A Ukrainian national will be spending the next five years behind bars for his role in the notorious Fin7 hacking operation.

Denys Iarmak, 32, was handed the prison term Thursday after being found guilty on counts of conspiracy to commit wire fraud and conspiracy to commit computer hacking. According to the U.S. Department of Justice (DOJ), Iarmak was one of the more technically inclined members of the Fin7 hacking crew, conducting the intrusions and managing the networks that had been compromised by attackers.

"Iarmak was involved with FIN7 from approximately November 2016 through November 2018," the DOJ said in the announcement. "Iarmak frequently used project management software such as JIRA, hosted on private virtual servers in various countries, to coordinate FIN7 malicious activity and to manage the assorted network intrusions."

The sentencing comes after Iarmak had tried to fight extradition and charges in the U.S. following his 2019 arrest in Thailand.

The Fin7 crew is believed to have been behind account thefts and bank fraud schemes that added up to more than $1 billion, according to the DOJ. Also known as Carbanak, the hacking crew managed to steal some 15 million account credentials and then drain the accounts of funds.

The DOJ said that Iarmak and other Fin7 hackers would begin their intrusions by sending their targets phishing emails. Once the targeted individuals opened the malicious attachments, their machines would be infected with the Carbanak malware.

"Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information," said U.S. Attorney Nicholas Brown, who prosecuted the case in the Western Washington District Court.

"To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecution of co-conspirators. He and others in this cybercrime group used hacking techniques to essentially rob thousands of locations of multiple restaurant chains at once, from the comfort and safety of their keyboards in distant countries," Brown said.

The sentence Iarmak received is one of the lighter ones handed out to members of the Fin7 crew. In April 2021, hacker Fedir Hladyr was handed 10 years behind bars, and in June 2021, Andrii Kolpakov was sentenced to seven years for his role in the Fin7 scheme.

Even with the conviction, the Fin7 hacking operation is going strong. According to a blog post from Mandiant this week, the criminals have shifted to newer, more sophisticated malware as they look to compromise more networks.

"Despite indictments of members of FIN7 in 2018 and a related sentencing in 2021 announced by the U.S. Department of Justice, at least some members of FIN7 have remained active and continue to evolve their criminal operations over time," according to Mandiant researchers Bryce Abdo, Zander Work, Ioana Teaca and Brendan McKeague.

"Throughout their evolution, FIN7 has increased the speed of their operational tempo, the scope of their targeting, and even possibly their relationships with other ransomware operations in the cybercriminal underground," the blog post said.
