New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Carbanak (Fin7)

The FBI has indicted three Ukrainian nationals who have been identified as high-level members of the Carbanak Group, also known as Fin7.  The three men were identified by the FBI as Fedir Hladyr, 33, Dmytro Fedorov, 44, and Andrii Kopakov, 30.  Fedir Hladyr is already in FBI custody after being arrested in Germany, and they are currently waiting on Dmytro Fedorov to be extradited from Spain and Andrii Kopakov to be extradited from Poland.  Carbanak has been behind a number of high profile attacks in the United States and Russia, including POS breaches at restaurants like Arby’s, Chipotle, Red Robin, and Chili’s, as well as targeting other U.S. companies for client information and financial institutions in Russia.  Carbanak group has been tied to the theft of millions of dollars, which includes one instance where the group was able to compromise a number of ATMs throughout Europe and force the ATMs to dump over $7 million, which was timed to be collected by people employed by the group.  This is the second arrest involving the Carbanak group. In March a man who has only been identified as Denis K was arrested by Europol.  Sources close to the investigation have indicated that this is likely not the end of the indictments as the Carbanak group is extensive.  It is believed that a second round of indictments may take place involving a number of Russian citizens.