Federal investigators indicted three Ukranian nationals who were allegedly part of the Carbanak gang, a hacking syndicate responsible for stealing payment card records across the US.
Three members of the notorious hacking syndicate known as Carbanak have been arrested for stealing 15 million payment cards from thousands of point-of-salemachines across the world.
The Carbanak gang, also known as Fin7, have been active since at least 2015, and used their hacking activities to steal payment card records from as many as 6,500 point-of-sale terminals, federal officials said. Targeted companies include fast-food chains such as Chipotle, Red Robin, Arby’s and Chili’s, as well as hotels and casinos.
The Carbanak gang relied on a combination of phishing emails and phone calls. For example, a business might receive a legitimate-looking email about a catering request or hotel reservation with a malicious Word document attached. The hackers can then go as far as to call up the business and trick an unwitting employee to open the phishing email and load the malicious attachment.
Once infected, the victim’s computer can be exploited to run other malware that can be used to scan for other vulnerable systems, like point-of-sale machines. The hackers will then steal any payment card numbers, with the goal of selling the goods on digital black markets.