Ukrainian hackers steal credit card records

Oliver Bradshaw | Last Updated:

Technical VPN Analyst

Ukrainian hackers steal credit cards

This week saw the arrest of three Ukrainian nationals who were linked to the theft of more than 15 million credit card details after a major hacking campaign. The campaign saw more than 100 high profile American businesses targeted and the hacking group’s main aim was to infiltrate system servers to harvest credit card information. Some of the companies targeted included conglomerates such as Arby’s Chili’s and even Chipotle.

The hacking group was known as the Carbanak group by authorities and it was revealed that they utilised social engineering, as well as different types of phishing attacks, to break through business firewalls and other security platforms and gain access to sensitive financial information. A number of the attacks were backed by malware that was embedded within an email attachment and was typically masked as an SEC complaint or a hotel reservation.

The Attack

Another major phishing email that was developed specifically target food companies was the Carbanak group’s food poisoning email alert.

One of the major incidents that allowed the hacking group to gain access near effortlessly was the almost-exact replica FDA email that informed the businesses of their false food poisoning incident. As far as authorities know, this email was directed toward companies who had previous food quality issues in the past, making the likelihood of a ‘click’ far higher.

The email was included with the message: “You can find attached the list of inspections and checks scheduled to take place at your restaurant.” Though, the attachment within the message contained malware.

The Hackers

Today saw the names of the hackers unveiled as Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov all three of which were charged with 26 counts of conspiracy as well as wire fraud, access device fraud, computer hacking and aggravated identity theft.

The attacks were so well planned that the hackers had even developed a false security company that assisted in the hacking campaign and also provided corporate businesses security services which allowed the hackers direct and near-unlimited access to anything they wanted.

The initial arrests were conducted in Poland, German and Spain with the assistance of local authorities. As of this writing, two of the three suspects have not yet been extradited.

PRIVACY ALERT: Websites you visit can see your current IP Address:

  • Your IP Address:
  • Your Location: Ashburn, US
  • Your Internet Provider:

* Scammers, Governments, and Advertisers can use this information to track and target you.

Our recommended vpn service provider for general all-round internet security and online privacy is ExpressVPN. It offers an excellent selection of online security and internet privacy features, excellent speed, and the ability to unblock your favorite streaming services (Netflix, Hulu, Amazon Prime, BBC iPlayer).

Visit ExpresssVPN

Categories: News

view further information about ExpressVPN prices

Our Testing Process

  1. Security
  2. No-Logs Policies
  3. Speed
  4. Streaming
  5. Torrenting
  6. Censorship
view further information about ExpressVPN product features