Elite phishing gang leader gets 10 years in prison


Share on facebook
Share on twitter
Share on linkedin

Billions stolen as phishing attacks launched over email, phone, and snail mail.

The system administrator of an elite Ukrainian hacking group that stole more than 15 million credit cards and bank account details has been sentenced to a decade in US federal prison.

The Fin7 (also known as Carbanak) hacking group made hundreds of millions of dollars developing and spreading highly-specialised malware capable of siphoning credit and debit card information which was then sold on underground criminal forums.

All told the group stole and sold more than 20 million customer card records from some 6500 point-of-sale terminals.

Ukrainian national Fedir Hladyr, 35, pled guilty to counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

The hacking group operated a fake penetration testing business, Combi Security, to recruit hackers (including Hladyr according to his plea deal) and conceal illegal activities. Combi Security listed on its website some of Fin7’s victims as its clientele.

Hladyr was responsible for system administration work including securing the hacking group’s communications, managing its server farm, and launching attacks.

​Those attacks targeted organisations in the United States along with a smaller undisclosed number of organisations in Australia, the United Kingdom, and France.

Law enforcement arrested Fin7 leadership in 2018 but many members remain at large. Authorities estimate Fin7 had some 70 members organised into distinct teams responsible for malware development, infection spreading, and the composition of phishing messages.

The sent expertly-crafted phishing messages. Fin7, unlike most cyber criminals, crafted well-written phishing emails tailored to a victim’s industry. It sent food orders to restaurants with malware-laden word documents and issued fake but convincing invoices.

An innocuous-looking phishing email exemplary of Carbanak’s ability to wreak havoc through careful social engineering

The group even followed up phishing emails with phone calls to bolster the legitimacy of their scams.

An arsenal of tools, including the group’s eponymous-named Carbanak malware, would deploy when phishing email attachments were opened.

Fin7 even sent phishing messages through the post with malware contained within USB sticks.

Acting US Attorney Tessa Gorman of the Western District of Washington said the group inflicted billions of dollars in losses.

“Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems,” Gorman said in a statement.

“This defendant (Hladyr) worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.