A Ukrainian national has been sentenced as a member of the FIN7 hacking group. On Thursday, the US Department of Justice (DoJ) announced the sentencing of Denys Iarmak to five years in prison for working as a FIN7 penetration tester.
Prolific cybercriminal group, FIN7, also known as Carbanak, focuses on financial theft. They've been active since at least 2015, and tend to target the retail & banking sector through Business Email Compromise (BEC) scams, attacks against point-of-sale (PoS) systems, and supply chain compromise.
Blueliv researchers say that FIN7 is one of the top threats to today's financial sector. The DoJ estimates that at least $1 billion in damages has been done to US organizations & consumers. Prosecutors say that Iarmak worked as a pen tester for the group. In the world of cybersecurity, pen testers usually test software and security, but in this case, 32-year-old Iarmak was responsible for managing network intrusions.
Larmak was apprehended & arrested in Bangkok, Thailand, in 2019. The hacker fought extradition but was sent to the US in 2020. He was charged and pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. Though prosecutors didn't say how much Iarmak earned, his paycheck "far exceeded comparable legitimate employment in Ukraine.”