Connect with us

Hi, what are you looking for?



Ukrainian Man Pleads Guilty to Hacking, Wire Fraud Charges

A member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty to hacking and wire fraud charges in Seattle.

A member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty to hacking and wire fraud charges in Seattle.

Fedir Hladyr, a 34-year-old Ukrainian, also agreed to pay $2.5 million in restitution as part of his plea Wednesday in U.S. District Court. He could face up to 25 years in prison.

Defense lawyer Arkady Bukh said Hladyr agreed to enter guilty pleas to the two counts because he could have faced a possible sentence of hundreds of years in prison if he was convicted of multiple other counts initially filed against him.

The issue at sentencing will be the number of victims and the dollar amount of losses, Bukh said.

“His wife in Ukraine and his family supports him and they’ll wait for him to come back home,” the lawyer said.

The plea agreement says Hladyr was a member of a hacking group called FIN7 that launched attacks against hundreds of U.S. companies to steal financial information between 2015 and 2019. It’s accused of stealing information involving about 15 million credit and debit cards, with more than $100 million in losses.

Companies hit by the hacking included Chipotle, Arby’s Red Robin and Jason’s Deli, prosecutors said.

Advertisement. Scroll to continue reading.

Under the plea agreement, the U.S. attorney’s office will dismiss 24 counts in the indictment, but the previous charges can be considered by the judge at sentencing.

Greg Otto, a cybersecurity expert, said the plea agreement “hints at a cooperation deal to give more information about the FIN7 group.”

“This group has been pretty brazen in the face of these arrests, so the U.S. government is going to continue to go after them through any means necessary,” Otto said.

Hladyr was arrested in Germany last year. He was FIN7′s systems administrator and maintained the group’s servers, prosecutors said.

Two other members of the group were charged in the hacking conspiracy. Dmytro Fedorov was being held in Poland and Andrii Kolpakov was arrested on May 31, according to court records. His trial is set next year.

The group used phishing emails containing malware that compromised computers, prosecutors said. The emails were sent to people working at hotels and restaurants. The hackers would follow up with phone calls to get them to open attachments sent in the emails, FBI Special Agent Jay Tabb has said.

Once the hackers were inside the computer system, they would access sensitive financial information.

FIN7 then offered the information for sale and it was used to conduct fraudulent transactions, authorities say.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...