Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations
A Ukrainian man accused of playing key roles in two prolific malware groups that bilked millions from victims around the world over a decade pleaded guilty in a U.S. federal court in Nebraska on Thursday.
Vyacheslav Igorevich Penchukov, 37, was arrested in Switzerland in 2022 and extradited to the U.S. in 2023 for his role in the Zeus malware and, later, the IcedID, or BokBot, malware, according to the U.S. Department of Justice.
The Zeus malware dates to May 2009 and was used to capture bank account credential information as part of a plot to make unauthorized transfers of funds from the victim’s accounts to the attacker’s accounts, according to prosecutors. That operation relied, in part, on “money mules” in the U.S. to receive wired funds and transfer funds to accounts controlled by Penchukov and his associates, prosecutors said.
Penchukov’s role in the Zeus operation landed him on the FBI’s Cyber Most Wanted List. After being added to the list, he helped lead the IcedID, or BokBot, operation from at least November 2018 through February 2021, prosecutors said. That operation included bank account credential theft but also provided access to infected computers to deliver other malware, including ransomware.
Victims of that activity include the University of Vermont Medical Center. It cost the institution $30 million and “left the medical center unable to provide many critical patient services for over two weeks, creating a risk of death or serious bodily injury to patients,” the DOJ said.
Penchukov pleaded guilty to one count of conspiracy to commit a Racketeer Influenced and Corrupt Organizations (RICO) Act offense related to the Zeus activity, and one count of conspiracy to commit wire fraud for his role in the IcedID malware group.
He faces a maximum penalty of 20 years in prison for each count. Sentencing is set for May 9.
Penchukov’s attorneys did not respond to a request for comment Thursday.