A Ukrainian hacker has pleaded guilty in the United States for his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021.

Vyacheslav Igorevich Penchukov (also called Vyacheslav Igoravich Andreev), 37 years old, was arrested by Swiss authorities in October 2022 and extradited to the United States last year. He was placed on the FBI's Most Wanted list in 2012.

How this Ukrainian hacker was brought to justice

The US Department of Justice (DoJ) has described Penchukov as “leader of two prolific groups [hackers, distributors] of malware” which have infected thousands of computers with malware, causing ransomware “attacks” and the theft of millions of dollars.

This included the Zeus banking trojan, which facilitated the theft of banking information, passwords, personal identification codes and other details needed to access online bank accounts.

Penchukov and his accomplices, as part of the “large racketeering enterprise” called the Jabber Zeus gang, then posed as employees of the victims to initiate unauthorized transfers of funds.

These hackers also used individuals residing in the United States and other parts of the world as “money mules” to receive the transferred funds, which were eventually diverted to overseas accounts controlled by Penchukov and others. A successor of Zeus was dismantled in 2014.

The defendant is also accused of facilitating malicious activity by leading attacks involving the IcedID malware (also known as BokBot) since at least November 2018; the malware is capable of acting as an information stealer and as a loader for other payloads, such as ransomware.

As reported by investigative journalist Brian Krebs in 2022, he managed to evade Ukrainian cyber investigators for many years thanks to his political connections with former Ukrainian president Viktor Yanukovych.

After his arrest and extradition, Penchukov entered a guilty plea to one count of conspiracy to commit a crime under the Racketeer Influenced and Corrupt Organizations (RICO) Act for his leadership role in the Jabber Zeus group; he also pleaded guilty to one count of conspiracy to commit fraud for his leadership role in the IcedID malware group.

Penchukov is to be sentenced on May 9, 2024 and faces a maximum sentence of 20 years in prison on each count.

The news comes as the DoJ announces the extradition of a 28-year-old Ukrainian citizen from the Netherlands in connection with fraud, money laundering and aggravated identity theft for allegedly operating and publicizing an information stealer known as Raccoon.

Mark Sokolovsky, arrested by the Dutch authorities in March 2022, rented Raccoon to other cybercriminals on a malware-as-a-service (MaaS) model for $200 per month; it first became available in April 2019.

“These individuals used various excuses, such as email phishing, to install malware on the computers of unsuspecting victims,” the DoJ said. “The Raccoon [information-stealing program] then stole personal data from the victims' computers, including login credentials, financial information, and other personal documents. The stolen information was used to commit financial crimes or was sold to others on cybercrime forums.”

At least 50 million unique credentials and forms of identification were collected by the malware, according to estimates from the US FBI.

Sokolovsky's arrest was accompanied by a coordinated takedown of Raccoon's digital infrastructure, but a new version of the information-stealing malware, called RecordBreaker, has emerged since then.

He was charged with one count of conspiracy to commit fraud and related activities in relation to computers, one count of conspiracy to commit fraud, one count of conspiracy to commit money laundering and one count of aggravated identity theft.