ZDNet reports that Ukrainian national Denys Iarmak, who worked as a penetration tester for the FIN7 hacking group, has been sentenced to five years imprisonment by the U.S. Department of Justice.
As a FIN7 pentester, Iarmak led network intrusion management and worked on developing JIRA-based intrusion projects for cyberattack monitoring, according to prosecutors.
"As one example, Iarmak created a JIRA issue, to which he and other members of the cybergroup had access, for a specific victim company, and, on or about March 3, 2017, Iarmak updated that JIRA and uploaded data he had stolen from that company," the Justice Department said.
Since Iarmak's extradition to the U.S. from Thailand in 2020, he has entered a guilty plea to one count of conspiracy to commit computer hacking and another count of conspiracy to commit wire fraud.
"Iarmak was directly involved in designing phishing emails embedded with malware, intruding on victim networks, and extracting data such as payment card information. To make matters worse, he continued his work with the FIN7 criminal enterprise even after the arrests and prosecution of co-conspirators," said U.S. Attorney Nicholas Brown of the Western District of Washington.
This week in the Security News: When you just wanna hurl, malicious containers, FCC bans stuff, these are not the CVE's you're looking for, Linux password mining, mind the gap, hacking smart watches, & more!
NBC News reports that Chinese state-sponsored hacking operation APT41 was noted by the U.S. Secret Service to have stolen $20 million or more in COVID-19 relief benefits, including unemployment insurance funds across more than 12 states and Small Business Administration loans, nearly half of which have already been recovered.