
FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

18 February 2024 Newsroom Malware/Cybercrime

A Ukrainian national has pleaded guilty to his involvement in two distinct malware schemes, Zeus and IcedID, which operated between May 2009 and February 2021.

Vyacheslav Igorevich Penchukov, 37, also known as "Tank" and "Father", was extradited to the United States last year after being detained by Swiss authorities in October 2022. He had been placed on the FBI's most-wanted list in 2012.

The U.S. Department of Justice (DoJ) described Penchukov as the "leader of two prolific malware groups" that infected thousands of computers with malware, resulting in ransomware attacks and the theft of millions of dollars.

This included the Zeus banking Trojan, which made it easier to steal passwords, personal identification numbers, and other information required to access online banking accounts.

Penchukov and his co-conspirators, members of the "wide-ranging racketeering enterprise" known as the Jabber Zeus gang, used the stolen information to initiate unauthorized fund transfers.


They also used people living in the United States and elsewhere as "money mules" to receive the wired funds, which were then forwarded to foreign accounts controlled by Penchukov and others. Zeus' successor was dismantled in 2014.

The defendant was also charged with helping to lead attacks involving the IcedID (also known as BokBot) malware from at least November 2018. The malware can steal information as well as load additional payloads, such as ransomware.

His political ties to former Ukrainian President Viktor Yanukovych allowed him to evade prosecution by Ukrainian cybercrime investigators for many years, as investigative journalist Brian Krebs reported in 2022.

Following his arrest and extradition, Penchukov pleaded guilty to one count of conspiracy to commit a Racketeer Influenced and Corrupt Organizations (RICO) Act offense for his leadership of the Jabber Zeus group, and to one count of conspiracy to commit wire fraud for his leadership role in the IcedID malware group.

Penchukov faces a maximum sentence of 20 years in prison on each count. Sentencing is scheduled for May 9, 2024.

Separately, the DoJ announced the extradition from the Netherlands of a 28-year-old Ukrainian national charged with fraud, money laundering, and aggravated identity theft for allegedly operating and promoting Raccoon, an information stealer.

Mark Sokolovsky, who was detained by Dutch authorities in March 2022, rented Raccoon to other cybercriminals for $200 per month under a malware-as-a-service (MaaS) model. The stealer was first made available in April 2019.


According to the DoJ, these customers installed the malware on the computers of unwitting victims using a variety of ruses, including email phishing.

The Raccoon infostealer then harvested login credentials, financial information, and other personal records from the victims' computers. The stolen data was used to commit financial crimes or sold to others on cybercrime forums.

The U.S. Federal Bureau of Investigation (FBI) estimates that the malware has stolen at least 50 million distinct credentials and forms of identification.

Raccoon's digital infrastructure was taken down in a coordinated action following Sokolovsky's arrest, but a new variant of the stealer, known as RecordBreaker, has since gained traction.

Sokolovsky has been charged on separate counts with conspiracy to commit computer fraud and related offenses, conspiracy to defraud people of their money, and aggravated identity theft.
