According to newly released court documents, Ukrainian national Denys Iarmak has been arrested for alleged involvement in the malicious cyber campaigns run by the infamous hacking group FIN7.
Among others, Iarmak has been charged with conspiracy to commit computer hacking, fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft.
The objectives of the conspiracy included surveillance of victim computer networks and installing additional malware “for the sole purpose of stealing payment card track data, financial information and private data that would later be sold for financial gain.” The report also alleges that Iarmak was hired as a FIN7 “pen-tester” and “tasked with breaching the security of victims’ computers.”
“Like other members of the group, IARMAK provided his true name in order to receive payment for his work in furtherance of the group,” the complaint alleges. “For example, in a December 26, 2026 Jabber chat with one of the leaders of the hacking group, IARMAK sent his PrivateBank account number to receive salary payment.”
Throughout the investigation, authorities say they were also able to identify the accused through his email address. According to his email account records that held a copy of his resume, Iarmak previously worked as a system administrator for multiple companies.
Since 2014, the highly active gang is notorious for stealing nearly $1 billion from US victims by targeting credit card and financial data using the Carbanak exploit.
Their sophisticated malware campaigns are known to have targeted the systems of an array of organizations from the restaurant, gaming and hospitality industry such as Whole Foods, Trump Hotels, Arby’s and Hudson’s Bay.
The prolific hacking group is also known for its polished skills and organizational sophistication. Members often communicate through private HipChat servers allowing instant messaging and file-sharing features that facilitate internal collaboration. The application was also used for interviewing potential recruits that could help distribute their malware and exfiltrate stolen data including credit card details. The bad actors also use project management software, such as JIRA, to further aid their highly coordinated activity.