Ukrainians hacked restaurants in Lynnwood and Everett

A cybercrime group stole more than 15 million customer records from across the U.S.

EVERETT — The Eastern European hackers were as sophisticated as they were prolific.

Their reach was worldwide.

In the U.S. alone, they breached computer networks of businesses in 47 states, stealing more than 15 million customer credit and debit card records from roughly 3,600 separate businesses, mainly in the restaurant, casino and hospitality industries.

The list of infiltrated businesses included a restaurant off Everett Mall Way and another off 196th Street in Lynnwood in March of 2017, according to a 32-page federal indictment released Wednesday.

The Department of Justice announced Wednesday that three high-ranking members of a cybercrime group have been arrested and are in custody facing charges filed in U.S. District Court in Seattle. Court papers identified the suspects as Ukrainian nationals who are part of a hacking group known as FIN7, also called the Carbanak Group and the Navigator Group.

The trio were arrested in Germany, Poland and Spain, said U.S. Attorney Annette Hayes from the Western District of Washington. They’re accused of wire fraud, conspiracy to commit wire and bank fraud, aggravated identity theft and conspiracy to commit computer hacking, among other charges.

Hayes said she hopes the arrests send a message to “these hackers (who) think they can hide behind keyboards in far away places.”

At the same time, Hayes said, “we are under no illusion that we have taken this group down altogether.”

“The investigation is not over,” said Jay Tabb, special agent in charge for the FBI’s Seattle Field Office. The FBI has been working with law enforcement worldwide, he said.

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” Tabb said.

FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were used or sold on the Darknet for profit. Hacks also occurred in the United Kingdom, Australia, France and other countries. Some of the companies that disclosed being hacked included Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli. One of the restaurants that fell victim to the cyber ploy was a Chipotle along Everett Mall Way, according to an address listed in the federal indictment.

FIN7 crafted email messages that would appear legitimate, sometimes inquiring about making a catering order. Once an attached file was opened and activated, malware would be used to access and steal payment card data.

The tactic is known as spear phishing.

Samples of the emails look benign. A fictitious James Anhil, for instance, in May 2017 was requesting “a takeout order for tomorrow for 11 a.m.” The email instructed the restaurant worker to open a file for the order.

“It’s completely opaque to them,” Tabb said.

FIN7 also used a front company, believed to be headquartered in Russia and Israel, to provide a guise of legitimacy and recruit hackers, according to the Department of Justice. “Ironically,” the justice department wrote, “the sham company’s website listed multiple U.S. victims among its purported clients.”

Eric Stevick: 425-339-3446; stevick@heraldnet.com.
