November 15, 2024
FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva
A Ukrainian national who has been wanted by the U.S for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims' bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov, who went by online pseu­do­nyms "tank" and "father," is said to have been involved in the day-to-day operations of the group

A Ukrainian national who has been wanted by the U.S for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims’ bank accounts using malware called Zeus.

Vyacheslav Igorevich Penchukov, who went by online pseu­do­nyms “tank” and “father,” is said to have been involved in the day-to-day operations of the group. He was apprehended on October 23, 2022, and is pending extradition to the U.S.

Details of the arrest were first reported by independent security journalist Brian Krebs.

Penchukov, along with Ivan Viktorovich Klepikov (aka “petrovich” and “nowhere”) and Alexey Dmitrievich Bron (aka “thehead”), was first charged in the District of Nebraska in August 2012.

According to court documents released by the U.S. Depart of Justice (DoJ) in 2014, Penchukov and eight other members of the cybercriminal group infected “thousands of business computers” with Zeus, which is capable of stealing passwords, account numbers, and other information relevant to log into online banking accounts.

These captured credentials were then used to siphon funds from the accounts, with the DoJ calling the Jabber Zeus gang a “wide-ranging racketeering enterprise.”

The Zeus banking trojan is believed to have been authored by an anonymous individual who is only known by the handle lucky12345, a WIRED report from 2017 said, describing Penchukov as a well-known local DJ with a penchant for high-end BMWs and Porsches.

More importantly, machines infected by the “endlessly adaptable” malware could be folded into a botnet whose power can be harnessed to carry out distributed denial-of-service (DDoS) attacks.

A successor to Zeus, known as Gameover Zeus and which functioned as a peer-to-peer botnet, was temporarily disrupted in 2014 as part of an international law enforcement operation codenamed Tovar.

All the defendants have been accused of conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.

Two of his co-conspirators, Yevhen Kulibaba (aka “jonni”) and Yuriy Konovalenko (aka “jtk0”), pleaded guilty in November 2014 after being extradited from the U.K. and were sentenced to two years and 10 months of incarceration on May 28, 2015.