US federal officials have arrested another Ukrainian national for his alleged involvement in cyber campaigns run by notorious hacking group Fin7.
As per court documents released last week, Denys Iarmak was arrested in Seattle following his extradition from Thailand. He has been charged with conspiracy to commit wire and bank fraud, conspiracy to commit computer hacking, access device fraud, intentional damage to a protected computer, accessing a protected computer to commit fraud, and aggravated identity theft.
The complaint further reveals that Iarmak was part of Fin7's spear-phishing campaign, which enabled hackers to gain unauthorised access to victim computers.
Hackers then used the access to plant malware, conduct surveillance, and steal user credentials, payment card and other sensitive details from victim machines.
As per court records, Iarmak also went by the handles GakTus, Denis Jamak, and Denys Yarmakand.
"Like other members of the group, IARMAK provided his true name in order to receive payment for his work in furtherance of the group," the complaint reads.
Chat logs dating from 2017 suggested that Iarmak provided a member of Fin7 with user credentials for a compromised US enterprise. He also used those credentials to communicate with a cyber security firm about installing and activating an anti-virus product.
When officials searched Iarmak's Gmail account, they found many pictures of his identification documents, including his Ukrainian passports.
The arrest of Denys Iarmak is part of an effort by US law enforcement agencies to take down the entire Fin7 group, whose victims include Chipotle, Taco John's, Whole Foods, Red Robin and other fast food restaurants, credit unions, and casinos.
The Fin7 group has been active since 2014 and has targeted a large number of companies across various industries, including software, technology, banking, restaurants and government agencies. The group is known for primarily targeting payment-card and other financial data using the Carbanak malware. Researchers also believe that Fin7 has stolen more than $1 billion from multiple organisations in the past four years.
In 2018, the US Department of Justice announced the arrest of three members of the Fin7 group - Dmytro Fedorov (44), Fedir Hladyr (33) and Andrii Kolpakov (30) - who had allegedly stolen over 15 million credit card details. Last year, Fedir Hladyr pleaded guilty to charges related to his role as an IT administrator for Fin7.
In a report last year, researchers at FireEye warned that Fin7 remains a growing threat despite the arrest of its members. The researchers claimed that the group had ramped up its offensive capabilities by adding new code to its malware arsenal.