Biography
2022: Detention in Switzerland at FBI request
On November 15, 2022, it became known that Vyacheslav Penchukov was arrested in Geneva: he is believed to be one of the leaders of the Zeus cybercriminal group.
The FBI had wanted Penchukov for about 10 years. According to the agency's website, the attacker, also known under the pseudonyms "Tank" and "Father," participated in large-scale extortion and in infecting victims' computers with the Zeus program. It was used to steal bank account numbers, passwords and other personal information of users. In August 2012, a federal grand jury in Nebraska indicted Penchukov on a number of counts, including conspiracy to commit extortion, bank fraud and aggravated theft of personal data.
According to the Swiss Federal Department of Justice (FOJ), Ukrainian citizen Vyacheslav Penchukov was arrested on October 23, 2022. As of mid-November 2022, he is awaiting extradition to the USA, although this decision can still be appealed to the Swiss Federal Criminal Court or the Supreme Court of Switzerland.
As one of the leaders of the Zeus cybercriminal network, Penchukov reportedly managed stolen bank details and the money mules who transferred money from victims' accounts to accounts controlled by the cybercriminals. Along with eight other suspects, he was charged with racketeering conspiracy. According to some reports, Penchukov was also one of the leaders of the Maze and Egregor cyber extortion operations. Two of his accomplices, Ukrainian citizens Evgeny Kulibaba and Yuriy Konovalenko, pleaded guilty in November 2014 after being extradited from the UK; in May 2015, a court sentenced them to two years and ten months in prison.[1]
2024
Guilty plea in cyber attacks
On February 15, 2024, the US Department of Justice (DOJ) reported that Ukrainian citizen Vyacheslav Penchukov pleaded guilty to cyber attacks that caused tens of millions of dollars in losses. One of the victims was the University of Vermont Medical Center, which lost $65 million as a result of the intrusion and was unable to provide intensive care services for two weeks.
According to the released data, 37-year-old Penchukov, also known as Vyacheslav Andreev and Tank, had been involved in spreading the Zeus malware since May 2009. This malware is designed to intercept passwords for payment systems and then steal money. Thousands of corporate computers are said to have been infected with the virus. Penchukov and his accomplices stole bank account information and personal data, after which they carried out fictitious transactions. The money was then transferred to accounts controlled by the attackers.
Penchukov was listed as one of the FBI's most wanted cybercriminals. From November 2018 to February 2021, he distributed the IcedID (Bokbot) malware. This virus is designed to steal victims' personal information, including bank credentials. In addition, IcedID can be used to deploy ransomware. It was this malware that was used in the attack on the University of Vermont Medical Center. It is said that the disruption of the medical institution's IT systems put its patients in danger.
Penchukov was arrested in Switzerland in 2022 and extradited to the United States in 2023. He pleaded guilty to conspiracy to commit electronic fraud, as well as conspiracy to distribute the Zeus malware. He faces a maximum sentence of 20 years in prison for each count.[2]
Sentence - 9 years in prison
In mid-July 2024, a Ukrainian citizen, 37-year-old Vyacheslav Igorevich Penchukov, was found guilty by a US federal court in Nebraska of participating in operations involving the Zeus and IcedID malware. Penchukov was sentenced to nine years in prison with three years of probation, and ordered to pay more than $70 million in restitution.
Penchukov, also known as Tank, was arrested in Switzerland in 2022 and extradited to the United States in 2023. The initial charge was filed back in 2014, and by the time he was arrested, he had been on the FBI's most wanted cybercriminals list for more than a decade.
According to court documents, Penchukov participated in the Zeus operation from 2009, and in the operation involving the IcedID malware (aka Bokbot) from November 2018 to February 2021. Penchukov and his accomplices infected thousands of corporate computers with the Zeus malware to steal bank account data, passwords and other information that provides access to online banking accounts. The Zeus Trojan is estimated to have infected millions of devices around the world, causing more than $100 million in damage. Despite the efforts of cybersecurity specialists, numerous variants of the Zeus Trojan continued to spread over the network for many years.
IcedID was used to steal victims' banking information, as well as to distribute other families of malware, such as ransomware. In just one incident, ransomware distributed through IcedID caused more than $30 million in damages to the University of Vermont Medical Center, court documents show. The distribution of IcedID was suppressed by law enforcement in May 2024 as part of Operation Endgame, which targeted several malware distributors.[3]