Companies affected by the group's cyberattacks suffered an estimated $5 million in losses.
Companies affected by the group's cyberattacks suffered an estimated $5 million in losses.

Following cyberattacks on U.S. companies, the fifth and final defendant in a gang of immigrants from Eastern Europe pleaded guilty to federal fraud charges related to using credit and debit cards, according to a release from the U.S. Department of Justice.

The companies affected suffered an estimated $5 million in losses, the statement said, even leading to the shuttering of one of the targeted companies.

Irina Fedoseeva, 33, a Russian national residing in Los Angeles, pleaded guilty early this week to conspiracy to use unauthorized credit and debit cards and admitted causing more than $225,000 in losses.

In her plea agreement, she admitted to "helping make fraudulent purchases with debit cards." The cards were obtained as a consequence of cyberattacks on two healthcare administrators in December 2015 and February 2016. Fedoseeva is said to have helped a co-defendent purchase items from such retailers as Apple and Best Buy, and then resell it on the internet.

Four other defendants, all residing in the Los Angeles area, have already pleaded guilty to federal fraud charges for their parts in the scheme. Russian nationals Timur Safin, 29; Dmitry Fedoseev, 34; and Kristina Gerasimova, 22, each pleaded guilty on March 20 to aggravated identity theft and debit/credit card fraud. The fifth defendant, Siarhei Patapau, 26, a Belarus native, pleaded guilty on March 6 to similar felony charges.

The five defendants are accused of conspiring with computer hackers, including some believed to be residing in Russia.

Specifically, the group is charged with:

  • hacking into an airline's computer system in July 2014, leading to their funding prepaid credit cards in the amount of $900,000;
  • a December 2015 hack into the system of a healthcare administrator, from which they reactivated a dormant dependent care account and ordered numerous debit cards subsequently used to make $550,000 in fraudulent purchases; and
  • a February 2016 attack on a different healthcare administrator that enabled the members to order debit cards linked to reactivated accounts that were later used to make $3.5 million in fraudulent purchases.

The unauthorized cards were used to make cash withdrawals, purchase money orders and make purchases at retail outlets such as Apple, Best Buy, Home Depot and Target, the DoJ statement said.

Sentencing is scheduled for June and September. Patapau, Safin and Fedoseev each face a statutory maximum sentence of 12 years in federal prison. Gerasimova faces a statutory maximum sentence of seven years, and Fedoseeva faces a statutory maximum sentence of five years.