Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Ukrainian Man Pleads Guilty to Hacking, Wire Fraud Charges

A member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty to hacking and wire fraud charges in Seattle.

A member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty to hacking and wire fraud charges in Seattle.

Fedir Hladyr, a 34-year-old Ukrainian, also agreed to pay $2.5 million in restitution as part of his plea Wednesday in U.S. District Court. He could face up to 25 years in prison.

Defense lawyer Arkady Bukh said Hladyr agreed to enter guilty pleas to the two counts because he could have faced a possible sentence of hundreds of years in prison if he was convicted of multiple other counts initially filed against him.

The issue at sentencing will be the number of victims and the dollar amount of losses, Bukh said.

“His wife in Ukraine and his family supports him and they’ll wait for him to come back home,” the lawyer said.

The plea agreement says Hladyr was a member of a hacking group called FIN7 that launched attacks against hundreds of U.S. companies to steal financial information between 2015 and 2019. It’s accused of stealing information involving about 15 million credit and debit cards, with more than $100 million in losses.

Companies hit by the hacking included Chipotle, Arby’s Red Robin and Jason’s Deli, prosecutors said.

Under the plea agreement, the U.S. attorney’s office will dismiss 24 counts in the indictment, but the previous charges can be considered by the judge at sentencing.

Advertisement. Scroll to continue reading.

Greg Otto, a cybersecurity expert, said the plea agreement “hints at a cooperation deal to give more information about the FIN7 group.”

“This group has been pretty brazen in the face of these arrests, so the U.S. government is going to continue to go after them through any means necessary,” Otto said.

Hladyr was arrested in Germany last year. He was FIN7′s systems administrator and maintained the group’s servers, prosecutors said.

Two other members of the group were charged in the hacking conspiracy. Dmytro Fedorov was being held in Poland and Andrii Kolpakov was arrested on May 31, according to court records. His trial is set next year.

The group used phishing emails containing malware that compromised computers, prosecutors said. The emails were sent to people working at hotels and restaurants. The hackers would follow up with phone calls to get them to open attachments sent in the emails, FBI Special Agent Jay Tabb has said.

Once the hackers were inside the computer system, they would access sensitive financial information.

FIN7 then offered the information for sale and it was used to conduct fraudulent transactions, authorities say.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.