An Eastern Europe-based hacker group that broke into the networks of a number of companies and businesses across America was reported to have used another front company to recruit new talent, the Justice Department reported Wednesday, as cited by Newsweek.
The hacker group was allegedly linked to the FIN7 team and used Combi Security as a front company, claiming the firm’s headquarters were based in Russia and Israel. The company was used “to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise,” the DOJ stated. Their sham website, advertising penetration testing job roles, even listed U.S. hacking victims as “clients.”
Independent analysis found that the fake security firm listed job ads on Russian, Ukrainian, and Uzbek recruitment websites. Some applicants may not have known of its illicit schemes.
Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, were named in indictments this week, described as “high-ranking members” of FIN7. The criminal unit—facing charges in the U.S. District Court in Seattle—is also known as the Carbanak Group. It is alleged that the gang stole more than 15 million card records from thousands of business locations.
Victimized firms that had point-of-sale terminals hacked included Chipotle Mexican Grill, Chili’s, Arby’s and Red Robin, officials said. The pilfered details were eventually sold on the dark web.
The hacking group is believed to have dozens of members. According to the indictments, the gang’s members used phishing emails to dupe staffers at firms in 47 U.S. states. As part of the scheme, they would make telephone calls to legitimize the ruse. Once an attachment was opened, a form of malware also known as Carbanak would be installed. Security experts say the team also targeted government and telecommunications companies.