Ukrainian national pleads guilty over role in two malware campaigns

Hacker behind Zeus and IcedID malware operations that wracked up tens of millions of dollars over 12 12-year period.

A Ukrainian hacker has pleaded guilty to a pair of charges related to malware campaigns between 2009 and 2021.

37-year-old Vyacheslav Igorevich Penchukov, from the Donetsk region, pleaded guilty to a count of conspiracy to commit a racketeer-influenced and corrupt organisations act offence (also known as the RICO Act), and a count of conspiracy to commit wire fraud.

Penchukov is scheduled to be sentenced on May 9, and each charge carries a maximum jail time of 20 years. He was arrested in 2022 in Switzerland and extradited to the US in 2023.

“Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two weeks,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division in a statement.

“Before his arrest and extradition to the United States, the defendant was a fugitive on the FBI’s most wanted list for nearly a decade. Today’s guilty pleas should serve as a clear warning: the Justice Department will never stop in its pursuit of cyber-criminals.”

Penchukov assisted in running the Zeus malware operation from May 2009. The operators used the malware to steal bank information from infected devices, which Penchukov and his cronies then used as part of a banking scam, transferring millions of dollars from victim accounts.

The hacker was initially charged with the RICO offence over this operation and was also added to the FBI’s Cyber Most Wanted List at this time.

Penchukov was also one of the top people behind the IcedID malware operation, also known as Bokbot. IcedID was capable of simple data theft, such as banking credentials, but could also deploy other payloads, such as ransomware. In one such instance, the University of Vermont…

Source…