Three Ukrainian citizens were recently arrested for participating in a long-term cyberattack against more than 100 US companies. According to the indictment, the group has stolen more than 15 million credit card records from more than 6,500 point-of-sale terminals in the past. According to security researchers, the gang called Carbanak uses social engineering and phishing attacks to infiltrate businesses and steal financial data from them.
The initial infection was primarily through malware such as email attachments or sometimes pretending to lose hotel reservation information or SEC (US Securities and Exchange Commission) complaint files.
In a cyber attack, the organisation pretended to be the FDA (Food and Drug Administration) Food Safety and Applied Nutrition Center, sending an email to the target company informing about a food poisoning incident. The email reads: “You can find attached the list of inspections and checks scheduled to take place at your restaurant.” In fact, this attachment is a malware.
Dmytro Fedorov, Fedir Hladyr, Andrii Kolpakov are charged with 26 counts of conspiracy, telecommunications fraud, computer hacking, access to equipment fraud, and serious identity theft. The indictment states that these people have established a false security company to cover their hacking. It is reported that the arrests for these three people were carried out in cooperation with the Ukrainian authorities in Germany, Poland and Spain. Two of them are still waiting for extradition.