Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations | CyberScoop<\/title> <meta name=\"description\" content=\"Vyacheslav Igorevich Penchukov pleaded guilty to two counts, each of which carries a possible 20-year prison term.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations\"> <meta property=\"og:description\" content=\"Vyacheslav Igorevich Penchukov pleaded guilty to two counts, each of which carries a possible 20-year prison term.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-02-15T22:18:25+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1706643139g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css,\/wp-content\/plugins\/embedpress\/Gutenberg\/dist\/blocks.style.build.css?m=1707840209\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/plugins\/embedpress\/assets\/css\/embedpress.css,\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1707704243\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=b50a7fc68d02387a0cbc\" media=\"all\">\n<link rel=\"stylesheet\" id=\"all-css-10\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-includes\/css\/dashicons.min.css,\/wp-content\/plugins\/embedpress\/assets\/css\/plyr.css?m=1707697092\" type=\"text\/css\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79229\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79229\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79229 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.092936802974\">\n<div class=\"single-article__header-content\" readability=\"31.239316239316\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Vyacheslav Igorevich Penchukov pleaded guilty to two counts, each of which carries a possible 20-year prison term. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Witthaya Prasongsin\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"23.005275229358\"><body readability=\"46.912217659138\"><\/p>\n<p>A Ukrainian man accused of playing key roles in two prolific malware groups that bilked millions from victims around the world over a decade pleaded guilty in a U.S. federal court in Nebraska on Thursday.<\/p>\n<p>Vyacheslav Igorevich Penchukov, 37, was arrested in Switzerland in 2022 and extradited to the U.S. in 2023 for his role in the <a href=\"https:\/\/cyberscoop.com\/tag\/zeus\/\">Zeus<\/a> malware and, later, the IcedID, or Bokbot, malware, <a href=\"https:\/\/www.justice.gov\/opa\/pr\/foreign-national-pleads-guilty-role-cybercrime-schemes-involving-tens-millions-dollars\">according to the U.S. Department of Justice<\/a>.<\/p>\n<p>The Zeus malware dates to May 2009 and was used to capture bank account credential information as part of a plot to make unauthorized transfers of funds from the victim\u2019s accounts to the attacker\u2019s accounts, according to prosecutors. That operation relied, in part, on \u201cmoney mules\u201d in the U.S. to receive wired funds and transfer funds to accounts controlled by Penchukov and his associates, prosecutors said.<\/p>\n<p>Penchukov\u2019s role in the Zeus operation landed him on the FBI\u2019s Cyber Most Wanted List. After the addition, he helped lead the IcedID or BokBot operation, from at least November 2018 through February 2021, prosecutors said. That operation included bank account credential theft but also provided access to infected computers to deliver other malware, including ransomware. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Victims of that activity include the <a href=\"https:\/\/www.nytimes.com\/2020\/11\/26\/us\/hospital-cyber-attack.html\">University of Vermont Medical Center<\/a>, which cost the institution $30 million and \u201cleft the medical center unable to provide many critical patient services for over two weeks, creating a risk of death or serious bodily injury to patients,\u201d the DOJ said. <\/p>\n<p>Penchukov pleaded guilty to one count of conspiracy to commit a racketeer influenced and corrupt organizations (RICO) act related to the Zeus activity, and one count of conspiracy to commit wire fraud for his role in the IcedID malware group. <\/p>\n<p>He faces a maximum penalty of 20 years in prison for each count. Sentencing is set for May 9.<\/p>\n<p>Penchukov\u2019s attorneys did not respond to a request for comment Thursday.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.1753246753247\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ukrainian national pleads guilty for roles in Zeus, IcedID malware<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,1532,46,1533,1534],"tags":[286,1535,54,1536,1537],"class_list":["post-2552","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-icedid","category-ransomware","category-vyacheslav-igorevich-penchukov","category-zeus","tag-cybercrime","tag-icedid","tag-ransomware","tag-vyacheslav-igorevich-penchukov","tag-zeus"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/icedid\/\" rel=\"category tag\">IcedID<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vyacheslav-igorevich-penchukov\/\" rel=\"category tag\">Vyacheslav Igorevich Penchukov<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zeus\/\" rel=\"category tag\">Zeus<\/a>","tag_info":"Zeus","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2552"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2552\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2552,"date":"2024-02-15T22:18:25","date_gmt":"2024-02-15T22:18:25","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79229"},"modified":"2024-02-15T22:18:25","modified_gmt":"2024-02-15T22:18:25","slug":"ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/02\/15\/ukrainian-national-pleads-guilty-for-roles-in-zeus-icedid-malware-operations\/","title":{"rendered":"Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations"},"content":{"rendered":"