Security Awareness Training Blog

    Cybercrime Carbanak Gang Leaders Arrested After Causing 1 Billion In Damage

    Fin_7_Malware_Scheme_FBIThe FBI announced Wednesday, August 1st, that an international manhunt had collared three leaders of the Carbanak gang. Also known as Fin7, Carbanak specialized in phishing business for credentials they could use to upload paycard-data-stealing malware into business systems connected with point-of-sale terminals.

     

    They would steal card data and sell it in a black-market carding forum. They also did a side business in the theft and sale of proprietary or non-public information, but that was just gravy: their main course was always selling cards in the criminal-to-criminal market. They targeted more than a hundred companies in the US alone, most of them in the gaming, restaurant, and hospitality sectors. Some of the better-known companies they hacked included Red Robin, Chipotle, and Arby's.

    The three men arrested, Dmytro Fedorov, Fedir Hladyr and Andrii Kopakov, are all Ukrainian nationals. They're now in US Federal custody and awaiting trial on twenty-six felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. Fedorov is awaiting extradition in Poland and Kopakov is doing the same in a Spanish holding cell. Hladyr, picked up by police in Dresden, Germany, is already in Seattle.

    Carbanak was a big operation, thought to have stolen more than $1 billion from businesses worldwide. One hopes these arrests will cripple the gang, but criminal organizations have come back from seeming death before.

    Social engineering, in this case phishing with follow-up phone calls and even workplace surveillance, is effective, which is why criminals and nation-states will continue to try it. Every organization should consider some realistic, interactive training to help raise its employees' awareness of what's at stake, and how they can prevent potentially catastrophic loss. In the meantime, bravo FBI.

    The FBI has the story, complete with a useful infographic explaining how the Fin7 scammers worked, from phishing to carding: https://www.fbi.gov/contact-us/field-offices/seattle/news/stories/how-cyber-crime-group-fin7-attacked-and-stole-data-from-hundreds-of-us-companies

     

    Return To KnowBe4 Security Blog

    Topics: Cybercrime

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews