Ukrainians hacked restaurants in Lynnwood and Everett

A cybercrime group stole more than 15 million customer records from across the U.S.

EVERETT — The Eastern European hackers were as sophisticated as they were prolific.

Their reach was worldwide.

In the U.S. alone, they breached computer networks of businesses in 47 states, stealing more than 15 million customer credit and debit card records from roughly 3,600 separate businesses, mainly in the restaurant, casino and hospitality industries.

The list of infiltrated businesses included a restaurant off Everett Mall Way and another off 196th Street in Lynnwood in March of 2017, according to a 32-page federal indictment released Wednesday.

The Department of Justice announced Wednesday that three high-ranking members of a cybercrime group have been arrested and are in custody facing charges filed in U.S. District Court in Seattle. Court papers identified the suspects as Ukrainian nationals who are part of a hacking group known as FIN7, also called the Carbanak Group and the Navigator Group.

The trio were arrested in Germany, Poland and Spain, said U.S. Attorney Annette Hayes from the Western District of Washington. They’re accused of wire fraud, conspiracy to commit wire and bank fraud, aggravated identity theft and conspiracy to commit computer hacking, among other charges.

Hayes said she hopes the arrests send a message to “these hackers (who) think they can hide behind keyboards in far away places.”

At the same time, Hayes said, “we are under no illusion that we have taken this group down all together.”

“The investigation is not over,” said Jay Tabb, special agent in charge for the FBI’s Seattle Field Office. The FBI has been working with law enforcement worldwide, he said.

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” Tabb said.

FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were used or sold on the Darknet for profit. Hacks also occurred in the United Kingdom, Australia, France and other countries. Some of the companies that disclosed being hacked included Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli. One of the restaurants that fell victim to the cyber ploy was a Chipotle along Everett Mall Way, according to an address listed in the federal indictment.

FIN7 crafted email messages that would appear legitimate, sometimes inquiring about making a catering order. Once an attached file was opened and activated, malware would be used to access and steal payment card data.

The tactic is known as spear phishing.

Samples of the emails look benign. A fictitious James Anhil, for instance, in May 2017 was requesting “a takeout order for tomorrow for 11 a.m.” The email instructed the restaurant worker to open a file for the order.

“It’s completely opaque to them,” Tabb said.

FIN7 also used a front company, believed to be headquartered in Russia and Israel, to provide a guise of legitimacy and recruit hackers, according to the Department of Justice. “Ironically,” the justice department wrote, “the sham company’s website listed multiple U.S. victims among its purported clients.”

Eric Stevick: 425-339-3446;

Talk to us

More in Local News

Arlington woman dies in crash on Highway 530

The Washington State Patrol says a Stanwood man ran a red light, striking Zoey Ensey as she turned onto the highway.

FILE - This 2003 electron microscope image made available by the Centers for Disease Control and Prevention shows mature, oval-shaped monkeypox virions, left, and spherical immature virions, right, obtained from a sample of human skin associated with the 2003 prairie dog outbreak. A leading doctor who chairs a World Health Organization expert group described the unprecedented outbreak of the rare disease monkeypox in developed countries as "a random event" that might be explained by risky sexual behavior at two recent mass events in Europe. (Cynthia S. Goldsmith, Russell Regner/CDC via AP, File)
Monkeypox case count rises to 6 in Snohomish County

Meanwhile, cases in the state have roughly doubled every week. Most of those have been in neighboring King County.

Farmer Frog employees sort through a pallet of lettuce at their new location on Wednesday, Aug. 3, 2022 in Snohomish, Washington. (Olivia Vanni / The Herald)
At Farmer Frog’s new pad, nonprofit helps feed 1.5M Washingtonians

The emergency food distribution network began amid the pandemic. Demand was high — so high, the truck volume led them to move.

Logo for news use featuring Snohomish County, Washington. 220118
Snohomish County, cities announce $9.6M for mental health, shelter

Projects span from Edmonds to Sultan. Each city is using American Rescue Plan Act money, with the county contributing, too.

Logo for news use featuring Snohomish County, Washington. 220118
Suspect in custody after man’s gunshot death, standoff

Deputies responded to a domestic violence call and found the suspect barricaded on the property near Snohomish.

Two students walk along a path through campus Thursday, Aug. 4, 2022, at Everett Community College in Everett, Washington. The college’s youth-reengagement program has lost its funding, and around 150 students are now without the money they need to attend classes. (Ryan Berry / The Herald)
Monroe nixes college program, leaving 150-plus students in the lurch

For years, the Monroe School District footed the bill for “U3” students, who have gotten mixed messages about why that’s ending.

Desiree Gott looks over documents before her sentencing Thursday, Aug. 4, 2022, at Snohomish County Superior Court in Everett, Washington. (Ryan Berry / The Herald)
Driver gets over 2 years in death of motorcyclist in Everett

In May, Desiree Gott was turning into the BECU on Evergreen Way when she crashed into Matthew Japhet, 34. She had taken meth.

A frame from video taken by a nearby security camera shows a Bothell police officer (right) shooting a man who allegedly charged him with a knife. (Snohomish County Multiple Agency Response Team) 20210128
Prosecutor declines charges in fatal Bothell police shooting

An officer shot Juan Rene Hummel, 25, five times in 2020, when Hummel charged at the officer with a knife in his hand.

Logo for news use featuring Snohomish County, Washington. 220118
Man dead in shooting near Startup antique store

The man in his 30s was shot before noon Saturday. A man in his early 20s was in custody.

Most Read