Cybersecurity News

FBI Most Wanted Zeus and IcedID Malware Creator Pleads Guilty

A Ukrainian malware mastermind on the FBI's most-wanted list has pleaded guilty after being charged with the creation of Zeus and IcedID malware.

A Ukrainian individual has admitted guilt in the United States for his involvement in two separate malware operations, known as Zeus and IcedID, spanning from May 2009 to February 2021.

Vyacheslav Igorevich Penchukov, aged 37 and also known as Vyacheslav Igoravich Andreev, was apprehended by Swiss authorities in October 2022 and subsequently extradited to the U.S. in the previous year. He had been listed on the FBI’s most-wanted roster since 2012.

The U.S. Department of Justice (DoJ) characterised Penchukov as a “leading figure” in two significant malware syndicates responsible for infecting numerous computers with malicious software, resulting in ransomware attacks and the pilfering of millions of dollars.

This included the Zeus banking trojan, which facilitated the illicit acquisition of bank account data, passwords, personal identification numbers, and other vital information for accessing online banking services.

Penchukov and his associates, operating under the guise of victims’ employees as part of the “wide-ranging racketeering enterprise” known as the Jabber Zeus gang, orchestrated unauthorised fund transfers.

They employed individuals based in the U.S. and elsewhere as “money mules” to receive the illicitly obtained funds, which were subsequently channeled to offshore accounts controlled by Penchukov and his cohorts. A successor to Zeus was dismantled in 2014.

Additionally, Penchukov stands accused of facilitating malicious activities by orchestrating attacks involving the IcedID malware from at least November 2018. This malware, also known as BokBot, is capable of stealing information and serving as a conduit for other malicious payloads, such as ransomware.

Despite evading prosecution by Ukrainian cybercrime authorities for an extended period, reportedly due to political ties with former Ukrainian President Victor Yanukovych, Penchukov eventually pleaded guilty to charges related to his leadership roles in both the Jabber Zeus and IcedID groups.

He admitted to one count of conspiracy to commit racketeering under the Racketeer Influenced and Corrupt Organisations (RICO) Act for his involvement in the Jabber Zeus group, as well as one count of conspiracy to commit wire fraud for his leadership role in the IcedID group.

Penchukov is set to be sentenced on May 9, 2024, facing a maximum penalty of 20 years in prison for each offense.

These developments coincide with the DoJ’s announcement regarding the extradition of a 28-year-old Ukrainian national from the Netherlands, linked to fraudulent activities, money laundering, and aggravated identity theft related to the operation and promotion of an information-stealing malware called Raccoon.

Mark Sokolovsky, apprehended by Dutch authorities in March 2022, allegedly leased Raccoon to other cybercriminals under a malware-as-a-service model, charging $200 per month. First introduced in April 2019, Raccoon was disseminated through tactics such as email phishing.

According to the DoJ, Raccoon infostealer harvested personal data from victim computers, including login credentials, financial details, and other sensitive records, which were then utilised for financial crimes or sold on cybercrime forums.

The malware is estimated to have harvested at least 50 million unique credentials and forms of identification, as per the U.S. Federal Bureau of Investigation (FBI).

Sokolovsky faces multiple charges, including conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, conspiracy to commit money laundering, and aggravated identity theft.


UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.