Tag Archive for: pleads

Ukrainian national pleads guilty over role in two malware campaigns



Hacker behind Zeus and IcedID malware operations that racked up tens of millions of dollars over a 12-year period.

A Ukrainian hacker has pleaded guilty to a pair of charges related to malware campaigns between 2009 and 2021.

37-year-old Vyacheslav Igorevich Penchukov, from the Donetsk region, pleaded guilty to a count of conspiracy to commit a racketeer-influenced and corrupt organisations act offence (also known as the RICO Act), and a count of conspiracy to commit wire fraud.

Penchukov is scheduled to be sentenced on May 9, and each charge carries a maximum jail time of 20 years. He was arrested in 2022 in Switzerland and extradited to the US in 2023.

“Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two weeks,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division in a statement.

“Before his arrest and extradition to the United States, the defendant was a fugitive on the FBI’s most wanted list for nearly a decade. Today’s guilty pleas should serve as a clear warning: the Justice Department will never stop in its pursuit of cyber-criminals.”

Penchukov assisted in running the Zeus malware operation from May 2009. The operators used the malware to steal bank information from infected devices, which Penchukov and his cronies then used as part of a banking scam, transferring millions of dollars from victim accounts.

The hacker was initially charged with the RICO offence over this operation and was also added to the FBI’s Cyber Most Wanted List at this time.

Penchukov was also one of the top people behind the IcedID malware operation, also known as Bokbot. IcedID was capable of simple data theft, such as banking credentials, but could also deploy other payloads, such as ransomware. In one such instance, the University of Vermont…


Russian national pleads guilty to role in ransomware attacks


A Russian national Dec. 4 pleaded guilty to his role in developing and deploying a suite of malware tools known as Trickbot, used to launch ransomware attacks against American hospitals and other businesses, the Department of Justice announced.

“Combating bad actors in cyberspace is a team sport, and we are proud of the collaboration and coordination at the international level that went into today’s plea,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “In a time when most cyber news is about the latest threat or attack, we applaud this win for the ‘good guys.’ The combined efforts of the FBI, Department of Justice and international partners have brought to justice this notorious cybercriminal who facilitated ransomware attacks against American hospitals and health systems, disrupting care delivery and risking patient safety. This win highlights the need for ransomware victim hospitals to cooperate with the FBI and other federal agencies to aid in investigative efforts and to gather cyber threat intelligence to prevent future attacks.”  

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity
 


Russian developer of Trickbot malware pleads guilty, faces 35-year sentence


A Russian national pleaded guilty in federal court in Cleveland on Thursday to charges related to his involvement in developing and deploying the malicious software known as Trickbot. He faces a maximum penalty of 35 years, the U.S. Department of Justice said.

According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal organization that deployed Trickbot to steal money and install ransomware on victims’ computers. The group’s victims — including hospitals, schools, and businesses in the U.S. — suffered tens of millions of dollars in losses.

Trickbot, which was taken down last year, is believed to have stolen more than $180 million worldwide. Dunaev was extradited from South Korea to the U.S. in 2021.

Dunaev was actively involved in Trickbot’s operation, the DOJ said. In particular, he created browser modifications and malicious tools to harvest credentials and mine data from infected computers. He also improved remote access for Trickbot actors and developed code to evade detection by legitimate security software.

“Dunaev and his codefendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of computers worldwide… invading privacy and causing untold disruption and financial damage,” the DOJ statement said.

Ten victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by Trickbot while Dunaev was involved in the operation, prosecutors said.

In June, one of Dunaev’s co-conspirators, Alla Witte — a Trickbot malware developer and Latvian national — pleaded guilty and was sentenced to two years and eight months in prison.

In February and September, the U.S. and U.K. also issued financial sanctions on 18 other members of Trickbot, freezing their assets and imposing travel bans.

The individuals targeted by the sanctions “include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services,” according to the U.S. Treasury.


Daryna…


Member of Russian cybergang Trickbot pleads guilty in $180 million global ransomware spree that hit Avon schools, others


CLEVELAND, Ohio — A Russian man on Thursday admitted to his role in the cybergang Trickbot that attacked millions of computers around the world with ransomware, including those in hospitals during the coronavirus pandemic.

Vladimir Dunaev, 40, pleaded guilty in federal court in Cleveland to conspiracy to commit computer fraud and conspiracy to commit bank and wire fraud.

He faces between five and six-and-a-half years in prison when U.S. District Judge Solomon Oliver sentences him. Oliver set a sentencing date for March 20, but said he could move that date up.

Dunaev is the second person to plead guilty in the United States to working for the Russia-based gang, which authorities say stole at least $33 million from Americans and $180 million worldwide.

He worked as a malware developer for the gang, and he was not a high-level planner, authorities said. He helped devise ways for the malware to avoid detection by cybersecurity software programs and developed tools to mine data on hacked computers, among other roles, Assistant U.S. Attorney Dan Riedl said.

Dunaev was arrested in 2021 in South Korea.

The case was prosecuted in Cleveland because some of Trickbot’s victims were in Northeast Ohio, including Avon schools, which lost about $471,000, and a North Canton business that lost about $750,000.

A co-defendant, Alla Witte, was the first Trickbot member to plead guilty in the case and was sentenced in June to two years and three months in prison.

Trickbot and other malware convictions are rare because many of its members live in Russia or other countries that do not have extradition agreements with the United States.

In September, prosecutors in Cleveland and elsewhere charged 14 more members of the gang and its offshoot, Conti. Another gang member was charged in February. None of the 15 has been arrested.

The U.S. Treasury Department and United Kingdom have also issued sanctions, including travel bans and asset freezes, against 18 gang members.

Officials in both countries have said Trickbot has direct ties to Russian intelligence.

The group grew to have as many as 400 members and infected millions of computers across the globe, including in Italy, Australia, Belgium and Canada.

The malware…
