Reach back to September 2019 - May 2020: Hladyr - FIN-7
Oh, you’d like to see the actual receipts? When a certain PITA Twitter account said “Watch this space - we have a plea agreement in the works” - okie dokie, I can do that too.
It is one thing to say you know what you know, but it becomes a vastly different conversation when you can prove it (FTR I’ve followed the FIN-7 takedown[1] all the way back to late 2017, but that research is eternally gone). Notwithstanding, this 2018 FBI notice provides you with a fact-based primer on FIN-7 and why last week’s sentencing was important. It reads in part:
Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kopakov, are members of a prolific hacking group widely known as FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names). Since at least 2015, FIN7 members engaged in a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.
The FBI further aggregated the massive scope of their investigation into FIN-7, stating in part (at the time I Tweeted something to the effect of “huh, that’s odd, FIN-7 didn’t penetrate any Company or US Persons in Alaska or South Dakota”):
FIN7 successfully breached the computer networks of companies in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.
Even all the way back to 2015 - I’d actually argue it goes back to late 2014, which would oddly line up with the massive data breaches of Yahoo, LinkedIn and MindSpring <— originally announced in 2000, when a researcher identified open-source e-commerce software coupled with (arguably human error) a misconfigured hosting server, which resulted in exposed password files for over 100 domains hosted by Atlanta-based EarthLink Inc.
Sophisticated Social Engineering: Phishing and Calling
FIN-7 set its sights on the hospitality industry, specifically restaurants and chain hotels, which notoriously have lax cybersecurity protocols. The FBI concluded that FIN-7 used “phishing” emails to company employees to get into the targets’ networks, stating in part:
Each email included an attached file, often an innocuous-appearing Microsoft Word document, with embedded malware. The text within the email simulated a legitimate business-related message in order to lead the recipient employee to open the attachment and unwittingly activate the malware that would infect the computer.
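The FBI describes the lure only as a Word document “with embedded malware”, so here is the static triage an analyst or mail gateway can run on such an attachment before anyone opens it. This is an added example written for this page; it is not FIN-7 tooling and is not taken from any court filing or report cited here. It assumes the attachment is an OOXML container (.docx/.docm, a zip file); legacy OLE2 .doc files are out of scope. The macro-enabled content types are the standard OOXML ones; the sample documents, the part names and the attacker.invalid URL are constructed in memory for the demonstration.

```python
"""Static triage of an Office attachment from a phishing e-mail (added example).

Parses the OOXML zip container of a .docx/.docm and reports features that make an
"innocuous-appearing" Word document worth a closer look: a VBA macro project,
macro-enabled content types, embedded OLE objects, and relationships that point at
external (remote) resources fetched when the document opens.
"""
import io
import zipfile
from dataclasses import dataclass, field

# Standard OOXML content types that only appear in macro-enabled documents.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-office.vbaProject",
    "application/vnd.ms-word.document.macroEnabled.main+xml",
)
PLAIN_DOC_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
OOXML_MAGIC = b"PK\x03\x04"  # zip local file header


@dataclass
class Findings:
    is_ooxml: bool = False
    vba_project: bool = False
    macro_content_type: bool = False
    embedded_objects: list = field(default_factory=list)
    external_rels: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return (self.vba_project or self.macro_content_type
                or bool(self.embedded_objects) or bool(self.external_rels))


def inspect_office_attachment(data: bytes) -> Findings:
    """Return what a quick static look at an OOXML attachment reveals."""
    f = Findings()
    if not data.startswith(OOXML_MAGIC):
        return f  # legacy OLE2 .doc or not an Office file: out of scope here
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return f  # truncated or fake zip; treat as "not OOXML"
    names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return f
    f.is_ooxml = True
    content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    f.macro_content_type = any(ct in content_types for ct in MACRO_CONTENT_TYPES)
    for name in names:
        lower = name.lower()
        if lower.endswith("vbaproject.bin"):
            f.vba_project = True  # the macro code itself lives in this part
        if "/embeddings/" in lower:
            f.embedded_objects.append(name)  # OLE packages, e.g. a dropped .exe or .lnk
        if lower.endswith(".rels"):
            rels = zf.read(name).decode("utf-8", "replace")
            if 'TargetMode="External"' in rels:
                f.external_rels.append(name)  # remote template or link fetched on open
    return f


def build_sample(macro: bool = False, external_template: bool = False) -> bytes:
    """Constructed minimal .docx/.docm container for the demo (not a real malicious file)."""
    main_ct = MACRO_CONTENT_TYPES[1] if macro else PLAIN_DOC_CT
    vba_override = (f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPES[0]}"/>'
                    if macro else "")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        f"{vba_override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)  # OLE2 header stub
        if external_template:
            zf.writestr("word/_rels/settings.xml.rels",
                        '<Relationships><Relationship Id="rId1" TargetMode="External" '
                        'Target="http://attacker.invalid/template.dotm"/></Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in [("benign", build_sample()),
                       ("macro", build_sample(macro=True)),
                       ("remote template", build_sample(external_template=True))]:
        print(label, inspect_office_attachment(doc))
```

The checks are deliberately cheap string and zip-member tests so they can run on every inbound attachment; a hit is a reason to detonate or hand off to a proper OLE/VBA parser, not a verdict, and a clean result says nothing about a legacy .doc or a non-Office lure.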
If you had the (mis)fortune of following me on Twitter then you would recall the significant amount of research and various Court filings threads. For Example September 2019 - JABBER <— because that continues to make me laugh
Like I said it’s one thing to make public prognostication -while refusing to show your readers/followers any original documents. But it’s an entirely different level of prognostication by uniformly providing my readers/followers with access to root/original documents - I noted that on April 1 2020 - something in the docket made me go - hold my Red Bull
And then on April 10, 2020 I told my readers/followers to pay attention and drop what you are doing and go read this SEC press release <— which was largely ignored
Which was then followed up by this May 2020 subthread where I meticulously walked you through how the dots connected, what they did and who they did it to. Yet again this thread was largely ignored by the Twitter-universe (and you wonder why I’m never returning to that cesspool of a platform that’s overrun with charlatans, pretenders and actual obsessed narcissistic functioning sociopaths). I can’t actually express my level of frustration with that platform or actually enumerate the hours and monies I’ve spent on obtaining Court documents.
Oh you’d like more receipts of my lost research? May 27, 2020 archive
Now that you have a fraction of my previous research (that September 2019 thread) which was largely ignored - turns out you probably should have paid attention - but I’m not the boss of you. Which now brings us to the DOJ-OPA April 16, 2021 Press Release, which reads in part:
High-level organizer of notorious hacking group FIN7 sentenced to ten years in prison for scheme that compromised tens of millions of debit and credit cards
Overall damage to banks, merchants, card companies, and consumers estimated at more than $3 billion
The Acting U.S. Attorney Gorman said the following after the sentence was imposed:
“This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems…This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.”
Link to Final Judgment https://ecf.wawd.uscourts.gov/doc1/19719623764
The final judgment reads in part - The defendant is hereby committed to the custody of the United States Bureau of Prisons to be imprisoned for a total term of:
120 months for Count 1 and
60 months for Count 16, to be served concurrently.
Defendant shall be given credit for time served since January 10, 2018.
Additionally, Defendant FEDIR HLADYR upon his release was also sentenced to three years of supervised release. The Defendant is also required, pursuant to 18 U.S.C. §§ 3663 and 3663A[2], to make restitution.
Under the SPECIAL CONDITIONS OF SUPERVISION - the restitution amount is as follows;
Restitution in the amount of $2,500,000 is due immediately. Any unpaid amount is to be paid during the period of supervision in monthly installments of not less than 10% of his or her gross monthly household income. Interest on the restitution shall be waived.
Read page 5 of Defendant FEDIR HLADYR final judgment closely because he was facing multiple decades in prison and it appears he was useful to the Government and likely secured the conviction of other members of FIN-7. Keep in mind FIN-7 stole over 150+ million credit cards, worldwide.
If you want a full understanding of the totality of economic damage FIN-7 created, one needs to look no further than the Government’s sentencing memorandum https://ecf.wawd.uscourts.gov/doc1/19709611699 - because the level of detail in the Government’s Memorandum is staggering[3] (but for those of us who have followed this case since its inception, it simply re-affirmed previous assertions).
The level of sophistication and “cyber Darwinism” used by FIN-7 cannot be emphasized enough. This group was likely the most sophisticated hacking group ever experienced in the wild. Their ability to shift on the fly largely allowed them to elude law enforcement for years. More troubling are the growing number of progeny born from FIN-7[4]. Hackers have managed to make the weapons used in FIN-7
Did it occur to some that my repeated SEC tweets/threads were based in fact versus QAnon-for-the-Left conspiracy theories —that I was actually pointing out that FIN-7 targeted the SEC?
At any rate if you get the sense of my frustration- well that’s intended. I’m fed up with doing the research and then being proved months or sometimes years later that my assessments were correct. I based those on facts versus insanely complicated conspiracy theories
GOVERNMENT SENTENCING MEMO, found here
FINAL JUDGMENT, found here
I should have taken more time off because I need to get into a better headspace— being the constant target of hateful, insane and obsessed stalkers —their actions have real life implications and the injury they have caused is concrete and particularized and ultimately they will have to pay the consequences of their deleterious behavior. Conversely I’m glad that I’m living rent free in your head(s).
-Filey
[1] August 2018 DOJ-OPA Announcement: Three Members of Notorious International Cybercrime Group “Fin7” in Custody for Role in Attacking Over 100 U.S. Companies; Victim Companies in 47 U.S. States; Used Front Company ‘Combi Security’ to Recruit Hackers to Criminal Enterprise
[2] 18 U.S.C. §§ 3663 and 3663A - Mandatory restitution to victims of certain crimes - last visited April 16, 2021 - https://www.govinfo.gov/content/pkg/USCODE-2000-title18/pdf/USCODE-2000-title18-partII-chap232-sec3663A.pdf
[3] The government proffered the following 2017 report as a footnote in their sentencing memorandum - Footprints of Fin7: Pushing New Techniques to Evade Detection (see Shifting Techniques - Initial Payload, Halfbaked Obfuscation Change, New Halfbaked Feature…) https://atr-blog.gigamon.com/2017/10/08/footprints-of-fin7-pushing-new-techniques-to-evade-detection/
[4] Researchers Disclose Details of FIN7 Hacking Group's Malware - Report Dissects JSSLoader Remote Access Trojan https://www.bankinfosecurity.com/researchers-disclose-details-fin7-hacking-groups-malware-a-15703
"more than $3 billion" and they say shoplifters are killing brick and mortar retail. Last time I heard, no one was shoplifting truckloads of fantasy bras...
Hey - weekend off filey! What happened?