Hacker ‘Tank’ gets prison sentence for connections to Zeus and IcedID malware

The U.S. justice system closed the book on a long-running criminal hacking case Thursday, as a Nebraska federal judge sentenced a Ukrainian national to prison and ordered him to pay millions of dollars in restitution for participating in two notorious malware schemes.

Vyacheslav Igorevich Penchukov, 37, had pleaded guilty in February to charges associated with helping operate the Zeus banking malware in the 2010s and later the IcedID infostealer, also known as Bokbot.

Wired first reported the sentencing, which essentially sends Penchukov to prison for nine years with three years of supervised release. The judge also ordered him to pay $73 million in restitution. Penchukov had pleaded guilty to one count of conspiracy to engage in racketeering and another count of conspiracy to commit wire fraud.

Known as “Tank” in hacker circles, Penchukov had been on the FBI’s Most Wanted list for more than a decade before he was arrested in Switzerland in 2022 and extradited to the U.S. in 2023.

He was originally named in a 2014 indictment against the JabberZeus Crew, which began spreading Zeus in 2009, according to prosecutors. The malware captured banking account passwords and other information that allowed the cybercriminals to pose as account holders and drain their money. 

Hired “money mules” would then receive the money in their own bank accounts and withdraw it to accounts controlled by Penchukov and his fellow cybercriminals, the Department of Justice (DOJ) said in February.

Alleged Zeus co-conspirators included Maksim Yakubets and Evgeniy Bogachev, who are both wanted by the U.S. government, which is offering multimillion-dollar rewards for each.

Prosecutors said Penchukov helped run the IcedID operation from at least November 2018 through February 2021. The malware collects and transmits information from infected computers, including banking credentials. 

“One such victim of this ransomware attack was the University of Vermont Medical Center, causing the loss of over $30 million from this victim alone, and left the medical center unable to provide many critical patient services for over two weeks,” the DOJ said.


Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 
