Threat Watch

FIN7 Member Detained and Tried in Russia; Receives Light Sentence

After being brought in by the Russian Federal Security Service (FSB) in February of 2019, confirmed FIN7 member Maxim Zhukov Sergeevich has now received a sentence for his crimes. Prior to being picked up in Russia, Maxim had worked for an alleged FIN7 front company Combi Security under the title “Metasploit Developer.” The company was believed to be disguising themselves as a legitimate security company so they could pull off intrusions and attempt to make them look like penetration tests. Someone like Zhukov was hired since he was familiar with Metasploit, which was commonly used by FIN7 in past operations. His role in the attacks performed by FIN7 are not completely known, but after being tried in Russian court, Zhukov has received a relatively mild sentence compared to the two FIN7 members that were tried in the United States. Zhukov will receive a one year suspended sentence and one year probation for developing malware for the group. Since 2016, Zhukov is the first member of a major cybercrime coalition to face trial in Russia.

ANALYST NOTES

Every country has its own laws and sentencing for cybercrime. It is surprising that Russian law enforcement investigated, arrested, and ultimately prosecuted a Russian citizen for developing malware that was used against US and western European victims and did not affect any Russian victims. It is not surprising that the judge gave the defendant such a light sentence with no prison time. This sends a mixed message to other cyber-criminals living in Russia, that while their actions might have some legal consequences, the punishment will probably be light if they don’t target former CIS countries. If the financial rewards are high and the risk of punishment is low, cybercrime will continue to flourish and grow.

https://therecord.media/fin7-hacker-trialed-in-russia-gets-no-prison-time/