The US Department of Justice announced on Thursday that a Ukrainian national has pleaded guilty to charges related to his role in two major malware operations.
The defendant, Vyacheslav Igorevich Penchukov, aka ‘Tank’, was on the FBI’s Cyber Most Wanted List until 2022, when he was arrested in Switzerland.
He was extradited to the United States last year and he has now pleaded guilty to RICO and wire fraud charges related to his leadership role in separate cybercrime operations involving the Zeus and IcedID malware.
US authorities have accused Penchukov of helping lead the Zeus operation starting in May 2009. The trojan is said to have infected millions of devices, including thousands of business computers, enabling cybercriminals to obtain personal and banking information that could be used to make unauthorized transfers from victims’ bank accounts.
Law enforcement cracked down on cybercriminals using the Zeus malware in 2010, and Zeus botnets were targeted by Microsoft in 2012, but the malware continued making headlines in the coming years.
Investigators believe Penchukov had a leadership position in the IcedID malware operation between at least November 2018 and February 2021. IcedID enabled cybercriminals to steal banking and personal information, and could also be used to deliver other malware to compromised computers, including ransomware.
The Justice Department said the Zeus and IcedID malware operations caused tens of millions of dollars in losses.
Penchukov’s sentencing is scheduled for May 9. He faces up to 20 years in prison for each count.
Related: Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping
