Extradited Zeus, IcedID malware kingpin pleads guilty - The Register

A Ukrainian cybercrime kingpin who ran some of the most pervasive malware operations faces 40 years in prison after spending nearly a decade on the FBI's Cyber Most Wanted List.

Vyacheslav Igorevich Penchukov, 37, pleaded guilty this week in the US to two charges related to his leadership role in both the Zeus and IcedID malware operations that netted millions of dollars in the process.

Penchukov's plea will be seen as the latest big win for US law enforcement in its continued fight against cybercrime and those that enable it.

However, authorities took their time getting him in cuffs. Penchukov first became involved in the Zeus banking trojan as early as May 2009 but was only arrested over a decade later in Geneva, Switzerland, in 2022.

Zeus' primary goals were to recruit machines into its botnet and to act as a banking trojan, stealing various information used for financial fraud, such as bank account information, passwords, and PINs.

"Penchukov and his co-conspirators then falsely represented to banks that they were employees of the victims and authorized to make transfers of funds from the victims' bank accounts, causing the banks to make unauthorized transfers of funds from the victims' accounts, resulting in millions of dollars in losses to the victims," said the Department of Justice on Thursday.

The enterprise used residents of the United States and elsewhere as money mules to receive wired funds from victims' bank accounts into their own bank accounts, who then withdrew and wired funds overseas to accounts controlled by Penchukov's co-conspirators.

The FBI et al. dismantled Zeus in 2014 after previously claiming that one of its variants, Gameover Zeus, had infected up to 1 million PCs globally, causing in excess of $100 million in losses.

Like many other major malware strains that have come and gone, Zeus also had various different versions and iterations developed based on its source code.

The SpyEye RAT, for example, was developed as a successor to Zeus and was armed with a number of additional features, such as keylogging and card stealer capabilities, all with a view to facilitating financial fraud. The US nabbed two of its leaders back in 2016, who are now eight years deep into a combined 24-year sentence.

Also known as Vyacheslav Igoravich Andreev, and sometimes just "Tank," Penchukov's role in the Zeus operation landed him a spot on the FBI's Cyber Most Wanted List, an accolade that would do very little to stop him from carrying on as normal.

Undeterred by the 2014 takedown of Zeus, SpyEye's head honchos, and, of course, being firmly in the FBI's crosshairs, Penchukov returned to cybercrime in 2018, taking up a leadership role in the IcedID operation.

IcedID was first spotted in 2017 and continues to be disseminated by various operations today, including Emotet, Raspberry Robin, and Bumblebee.

It's perhaps no surprise Penchukov found his way to IcedID in 2018. At the time, like Zeus, it was primarily a banking malware and was the new thing on the scene, potentially representing an exciting, albeit not entirely unfamiliar, project to sink his teeth into.

More recently, and perhaps why it became such a hot target for US authorities, IcedID became a precursor to ransomware and was linked to a 2020 attack on the University of Vermont Medical Center (UVM).

The facility incurred losses upwards of $30 million, the DoJ said, and jeopardized critical patient services for two weeks after creating a risk to life.

"Malware like IcedID bleeds billions from the American economy and puts our critical infrastructure and national security at risk," said US attorney Michael Easley for the eastern district of North Carolina.

"The Justice Department and FBI Cyber Squad won't stand by and watch it happen, and won't quit coming for the world's most wanted cybercriminals, no matter where they are in the world. This operation removed a key player from one of the world's most notorious cybercriminal rings. Extradition is real. Anyone who infects American computers had better be prepared to answer to an American judge."

Penchukov was eventually arrested in 2022 and extradited to the US a year later. This week he admitted one count of conspiracy to commit a racketeer influenced and corrupt organizations (RICO) act offense relating to Zeus and one count of conspiracy to commit wire fraud in relation to IcedID.

Each count carries a maximum sentence of 20 years. His sentencing date is set for May 9, 2024.