The hacker was behind the Zeus and IcedID malware operations, which racked up tens of millions of dollars over a 12-year period.
A Ukrainian hacker has pleaded guilty to a pair of charges related to malware campaigns between 2009 and 2021.
Thirty-seven-year-old Vyacheslav Igorevich Penchukov, from the Donetsk region, pleaded guilty to a count of conspiracy to commit an offence in violation of the Racketeer Influenced and Corrupt Organizations Act (RICO Act), and a count of conspiracy to commit wire fraud.
Penchukov is scheduled to be sentenced on 9 May and each charge carries a maximum jail time of 20 years. He was arrested in 2022 in Switzerland and extradited to the US in 2023.
“Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two weeks,” said acting assistant attorney general Nicole M Argentieri of the Justice Department’s Criminal Division in a statement.
“Before his arrest and extradition to the United States, the defendant was a fugitive on the FBI’s most wanted list for nearly a decade. Today’s guilty pleas should serve as a clear warning: the Justice Department will never stop in its pursuit of cyber criminals.”
Penchukov assisted in running the Zeus malware operation from May 2009. The operators used the malware to steal bank information from infected devices, which Penchukov and his cronies then used as part of a banking scam, transferring millions of dollars from victim accounts.
The hacker was initially charged with an offence under the RICO Act over this operation and was also added to the FBI’s Cyber Most Wanted List at this time.
Penchukov was also one of the top people behind the IcedID malware operation, also known as Bokbot. IcedID was capable of simple data theft, such as banking credentials, but could also deploy other payloads, such as ransomware. In one such instance, the University of Vermont Medical Center suffered a two-week outage that saw it unable to provide the normal level of care to its patients, “creating a risk of death or serious bodily injury to patients”, according to the DOJ.
Penchukov’s wire fraud charge relates to his time with IcedID.
“Malware like IcedID bleeds billions from the American economy and puts our critical infrastructure and national security at risk,” said US Attorney Michael Easley for the Eastern District of North Carolina.
“The Justice Department and FBI Cyber Squad won’t stand by and watch it happen, and won’t quit coming for the world’s most wanted cyber criminals, no matter where they are in the world. This operation removed a key player from one of the world’s most notorious cyber criminal rings. Extradition is real. Anyone who infects American computers had better be prepared to answer to an American judge.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.