Ukrainian national Vyacheslav Igorevich Penchukov, a key figure in the JabberZeus group, has admitted guilt in connection with his role in orchestrating the development of the Zeus and IcedID malware. Penchukov, also known by the aliases Tank and Father, was apprehended in Switzerland in October 2022 while en route to a meeting with his wife in Geneva and was subsequently extradited to the United States in 2023.
It’s worth noting that the US Department of Justice initially indicted Penchukov in 2012, charging him with participating in a scheme to pilfer millions of dollars through the use of bank account numbers, passwords, personal identification numbers, and other sensitive data compromised by the notorious banking Trojan, Zeus.
Reports have also linked Penchukov to the Maze and Egregor ransomware attacks. It was disclosed in 2021 that he was among those detained by Ukrainian authorities in January 2021 as part of a global effort to dismantle the Egregor ransomware group. Renowned cybersecurity journalist Brian Krebs noted that Penchukov was able to evade legal action, reportedly due to his significant connections.
Furthermore, Penchukov is alleged to have spearheaded the development of the IcedID malware (also known as Bokbot) from November 2018 to February 2021, around the time he was recognized by the FBI as one of the most wanted cybercriminals.
“Vyacheslav Igorevich Penchukov orchestrated the operations of two cybercriminal factions responsible for infecting thousands of computers with malware. These groups pilfered millions from their victims and even launched a ransomware assault on a major hospital, crippling its ability to provide essential patient care for over two weeks,” stated Acting Assistant Attorney General Nicole Argentieri. “Before his apprehension and extradition to the United States, the defendant was a fixture on the FBI’s Most Wanted list for nearly a decade.”
According to reports from U.S. officials, Penchukov has pleaded guilty to charges of racketeering conspiracy under the RICO Act (the Racketeer Influenced and Corrupt Organizations Act). This charge is linked to his pivotal role in orchestrating the Zeus malware. Additionally, “Tank” has pleaded guilty to a separate charge of conspiracy to commit wire fraud related to his involvement with the IcedID malware.
Consequently, Penchukov is facing a potential maximum sentence of 20 years in prison for each charge. The sentencing is set for May 9, 2024.