A Ukrainian national has been sentenced as a member of the FIN7 hacking group.
On Thursday, the US Department of Justice (DoJ) announced the sentencing of Denys Iarmak to five years in prison for working as a FIN7 penetration tester.
FIN7, also known as Carbanak, is a prolific cybercriminal group that focuses on financial theft. Active since at least 2015, FIN7 has tended to target the retail and banking sector through Business Email Compromise (BEC) scams, attacks against point-of-sale (PoS) systems, and supply chain compromise.
The group is constantly evolving its tactics and improving its toolkit. Malware used by the group includes backdoors, information stealers, Trojans, RDP access modules, and even malicious USB drives that are physically mailed to unsuspecting businesses.
Blueliv researchers say that FIN7 is one of the top threats to today’s financial sector. The DoJ estimates that at least $1 billion in damages has been done to US organizations and consumers.
Prosecutors say that Iarmak worked as a pen tester for the group. In cybersecurity, pen testers may be tasked with testing software and security, but in this case, the 32-year-old was responsible for managing network intrusions.
Among his tasks was creating intrusion ‘projects’ in JIRA to