Ukrainian hackers steal credit card records
Oliver Bradshaw
Technical VPN Analyst
This week saw the arrest of three Ukrainian nationals who were linked to the theft of more than 15 million credit card details after a major hacking campaign. The campaign targeted more than 100 high-profile American businesses, and the hacking group’s main aim was to infiltrate system servers to harvest credit card information. Some of the companies targeted included conglomerates such as Arby’s, Chili’s and even Chipotle.
The hacking group was known as the Carbanak group by authorities, and it was revealed that they utilised social engineering, as well as different types of phishing attacks, to break through business firewalls and other security platforms and gain access to sensitive financial information. A number of the attacks were backed by malware that was embedded within an email attachment and was typically masked as an SEC complaint or a hotel reservation.
Another major phishing email, developed specifically to target food companies, was the Carbanak group’s food poisoning email alert.
One of the major incidents that allowed the hacking group to gain access near effortlessly was the almost-exact replica FDA email that informed the businesses of a false food poisoning incident. As far as authorities know, this email was directed toward companies that had previously had food quality issues, making the likelihood of a ‘click’ far higher.
The email included the message: “You can find attached the list of inspections and checks scheduled to take place at your restaurant.” The attachment within the message, however, contained malware.
Today saw the names of the hackers unveiled as Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, all three of whom were charged with 26 counts of conspiracy as well as wire fraud, access device fraud, computer hacking and aggravated identity theft.
The attacks were so well planned that the hackers had even developed a false security company that assisted in the hacking campaign and also provided security services to corporate businesses, which allowed the hackers direct and near-unlimited access to anything they wanted.
The initial arrests were conducted in Poland, Germany and Spain with the assistance of local authorities. As of this writing, two of the three suspects have not yet been extradited.