Fin7, also known as Carbanak and JokerStash, are a cybercriminal group that have caused chaos globally with a series of targeted large-scale thefts of payment card data. Fin7 are also known for hacking banks and other financial institutions.
Three Ukrainian men are accused of using malware to attack more than 120 US companies, including Chipotle and Arby’s. Companies in France, Australia and the UK are also said to have been targeted by the group.
The US Department of Justice has revealed that the group stole more than 15 million payment card details from around 6,500 point-of-sale devices in the US. The data was then sold on the dark web.
Fin7 used various methods to gain access to systems and infiltrate them. Their hacks seem to follow the same formula, starting with spear-phishing emails sent to their targets. The emails used domain spoofing to imitate relevant business partners and carried a file attachment that contained malicious software.
The group also targeted customer support departments in larger companies. They would call and claim that they had a specific problem with a product or service. They would then follow up with an email whose attachment, supposedly containing information about the ‘problem’, contained malware.
The group formed in 2013 and is understood to be still active. The three men face charges of conspiracy, hacking, wire fraud, and identity theft.