Government agencies from Australia have joined forced with the FBI to disrupt an Eastern European-based cyber crime network targeting local citizens.
The involvement comes as three Ukrainians were arrested on criminal hacking charges including stealing payment card numbers, in attacks on more than 100 U.S. companies that cost businesses tens of millions of dollars, the U.S. Justice Department has revealed.
U.S. prosecutors alleged that the three Ukrainians, who were arrested in Europe between January and June, are members of FIN7, a notorious cyber crime gang also referred to as the Carbanak Group.
Victims include the Chipotle Mexican Grill, Emerald Queen Hotel and Casino in Washington state, Jason's Deli, Red Robin Gourmet Burgers, Sonic Drive-in and Taco John's, according to the Justice Department.
The Emerald Queen stopped the attack and no customer data was stolen, prosecutors said in a press release.
FIN7 has previously been linked to breaches of Trump Hotels, Whole Foods, Saks Fifth Avenue and Lord & Taylor, according to cyber security firm Trend Micro.
Following a joint international law enforcement effort, including Australian Government agencies, the three Ukrainian nationals were arrested in Europe and extradited to the US - they will stand trial for multiple counts of cyber crime and identity theft.
One of the three defendants, Fedir Hladyr, 33, has been transferred to Seattle from Dresden, Germany, where he was arrested. Authorities said they are seeking the extradition of the other two: Dmytro Fedorov, 44, and Andrii Kolpakov, 30.
Hladyr has pleaded not guilty and denies wrongdoing, according to his attorney, Arkady Bukh.
"There is no clear decision at this time whether (we) will go to trial or will consider a plea," Bukh said via email.
The three stole and sold payment card numbers and other data belonging to U.S. citizens and businesses, Assistant Attorney General Brian Benczkowski said in a statement.
FIN7 sent "phishing" emails to companies, sometimes following up with phone calls urging employees to open tainted attachments, the indictments said.
Closer to home, minister for law enforcement and cyber security Angus Taylor said FIN7 is thought to be responsible for targeting businesses in Australia, the US, UK and France.
“This operation is a great example of how the Australian Government is targeting cyber criminals wherever they are,” Taylor said. “FIN7 is accused of hacking systems and stealing millions of customer credit and debit card details.
“Australian agencies are deploying their most sophisticated cyber capabilities, combined with traditional police work, to go after criminals and stop them from targeting Australia.”
FIN7 employs dozens of individuals who handle highly specialised tasks such as breaking into networks, stealing payment card numbers and selling stolen data on underground criminal forums, said Adrian Nish, head of threat intelligence with BAE Systems.
The defendants used a front company named "Combi Security" that claims to have offices in Moscow, Haifa and Odessa, to launch some intrusions, according to court documents.
Combi Security's website describes it as an expert "in the field of comprehensive protection of large information systems from modern cyber threats."
Cyber security firm FireEye said it found job advertisements for Combi Security posted to several different Russian, Ukrainian and Uzbek job recruitment websites.
FIN7 stole more than 15 million customer card records from U.S. businesses and also targeted companies in Australia, France and the United Kingdom, according to U.S. prosecutors.
“International crime requires an international response,” Taylor added. “There is an ongoing global effort to crack down on cyber criminals who are targeting our businesses and hardworking Australians.
“Australia has helped deal a body blow to a prolific international hacking group.”
(Additional Reuters reporting by Christopher Bing and Karen Freifeld in Washington; Pavel Polityuk in Kiev; writing by Diane Bartz; editing by David Gregorio, Bill Trott and Jim Finkle)