The person who was apprehended was a Ukrainian national. Denys Iarmak was allegedly part of a spear-phishing campaign that enabled hackers to gain unauthorised access to victims’ systems, according to Computer Weekly.
Wired reports that FIN7 has developed its own malware tools and attack styles. Furthermore, the group appears to have a well-funded research and testing division that helps it evade detection by antivirus scanners and authorities. As an example, FIN7 has stolen more than 15 million credit card numbers from over 3,600 business locations.
Commenting on the arrest for Digital Journal, Jens Monrad, Head of Mandiant Threat Intelligence, EMEA, FireEye, says that the hackers have been involved with some major assaults on the finance sector. Drawing on one example, Monrad notes FIN7 is: “Infamous for its use of the CARBANAK backdoor to extract payment-card data, although it is important to note that we do not equate all use of this exploit with FIN7 and in recent years we have actually observed them diversifying their malware code and attack techniques.”
An example of more recent activity is the hackers' attempt to pass on malware using USB sticks via the U.S. postal service.
Commenting on the arrest, Monrad notes: “This new arrest of Denys Iarmak follows three major arrests the US Department of Justice made in 2018, and we hope will go some way to disrupting FIN7’s cyber crime operators. However, it is important that organisations remain vigilant as FIN7 is just one example of how financially-motivated threat actors are becoming extremely advanced and are capable of inflicting significant harm on organisations through vast, but carefully orchestrated campaigns.”