{
	"id": "f064da2d-7fbf-4da3-b3c5-2ba56776c5d1",
	"created_at": "2026-04-10T03:22:05.890207Z",
	"updated_at": "2026-04-10T13:13:10.176374Z",
	"deleted_at": null,
	"sha1_hash": "49804a6b9019d297962a28d062602cc13a05c459",
	"title": "Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38461,
	"plain_text": "Foreign National Pleads Guilty to Role in Cybercrime Schemes\r\nInvolving Tens of Millions of Dollars in Losses\r\nPublished: 2024-02-15 · Archived: 2026-04-10 03:09:16 UTC\r\nA Ukrainian national pleaded guilty today to his role in two separate and wide-ranging malware schemes\r\ninvolving tens of millions of dollars in losses.\r\n“Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of\r\ncomputers with malicious software. These criminal groups stole millions of dollars from their victims and even\r\nattacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two\r\nweeks,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal\r\nDivision. “Before his arrest and extradition to the United States, the defendant was a fugitive on the FBI’s most\r\nwanted list for nearly a decade. Today’s guilty pleas should serve as a clear warning: the Justice Department will\r\nnever stop in its pursuit of cybercriminals.”\r\nAccording to court documents, Vyacheslav Igorevich Penchukov, also known as Vyacheslav Igoravich Andreev\r\nand Tank, 37, of Donetsk, helped lead a wide-ranging racketeering enterprise and conspiracy that infected\r\nthousands of business computers with malicious software known as “Zeus” beginning in May 2009. After\r\ninstalling “Zeus” without authorization on victims’ computers, the enterprise then used the malicious software to\r\ncapture bank account information, passwords, personal identification numbers, and similar information necessary\r\nto log into online banking accounts. Penchukov and his co-conspirators then falsely represented to banks that they\r\nwere employees of the victims and authorized to make transfers of funds from the victims’ bank accounts, causing\r\nthe banks to make unauthorized transfers of funds from the victims’ accounts, resulting in millions of dollars in\r\nlosses to the victims. The enterprise used residents of the United States and elsewhere as “money mules” to\r\nreceive wired funds from victims’ bank accounts into their own bank accounts, who then withdrew and wired\r\nfunds overseas to accounts controlled by Penchukov’s co-conspirators. \r\nPenchukov was charged with these offenses in the District of Nebraska. Given the severity of the charges in the\r\ncase and the harm posed to American victims, Penchukov was added to the FBI’s Cyber Most Wanted List.\r\n“The U.S. Attorney’s Office for the District of Nebraska, in concert with the U.S. Attorney’s Office for the Eastern\r\nDistrict of North Carolina and Justice Department’s Computer Crime and Intellectual Property Section,\r\nsuccessfully coordinated the prosecution and plea of Penchukov,” said U.S. Attorney Susan T. Lehr for the District\r\nof Nebraska. “This case demonstrates that cybercrime can affect anyone, no matter where they are. It also\r\ndemonstrates that no matter where the cybercriminals are, the department can and will bring them to justice.”\r\nDespite being added to the FBI’s Cyber Most Wanted List, Penchukov returned to criminal activity by helping\r\nlead a conspiracy that infected victim computers with IcedID or Bokbot, a new malware, from at least November\r\n2018 through February 2021. IcedID was a sophisticated form of malicious software that collected and transmitted\r\npersonal information from victims, including credentials for banking accounts. Penchukov and his co-conspirators\r\nused this information to steal from IcedID’s victims. IcedID also provided access to infected computers for other\r\nhttps://www.justice.gov/opa/pr/foreign-national-pleads-guilty-role-cybercrime-schemes-involving-tens-millions-dollars\r\nPage 1 of 2\n\nforms of malicious software, including ransomware. One such victim of this ransomware attack was the\r\nUniversity of Vermont Medical Center, causing the loss of over $30 million from this victim alone, and left the\r\nmedical center unable to provide many critical patient services for over two weeks, creating a risk of death or\r\nserious bodily injury to patients. Penchukov was charged with these offenses in the Eastern District of North\r\nCarolina.\r\n“Malware like IcedID bleeds billions from the American economy and puts our critical infrastructure and national\r\nsecurity at risk,” said U.S. Attorney Michael Easley for the Eastern District of North Carolina. “The Justice\r\nDepartment and FBI Cyber Squad won’t stand by and watch it happen, and won’t quit coming for the world’s\r\nmost wanted cybercriminals, no matter where they are in the world. This operation removed a key player from one\r\nof the world’s most notorious cybercriminal rings. Extradition is real. Anyone who infects American computers\r\nhad better be prepared to answer to an American judge.”\r\n“Core to the FBI’s cyber strategy is our willingness to play the long game and take players off the field.\r\nVyacheslav Penchukov was a prolific criminal for over a decade and his criminal activities caused millions in\r\ndamages,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “The FBI would like to thank our\r\npartners in both public and private sectors, and domestically and globally, for helping us bring Penchukov to\r\njustice.”\r\nPenchukov was arrested in Switzerland in 2022 and extradited to the United States in 2023.\r\nPenchukov pleaded guilty to one count of conspiracy to commit a racketeer influenced and corrupt organizations\r\n(RICO) act offense for his leadership role in the “Zeus” enterprise. Penchukov (as Andreev) also pleaded guilty to\r\none count of conspiracy to commit wire fraud for his leadership role in the IcedID malware group. He is scheduled\r\nto be sentenced on May 9 and faces a maximum penalty of 20 years in prison for each count. A federal judge will\r\ndetermine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.\r\nThe FBI Omaha and Charlotte Field Offices are investigating the case.\r\nAssistant Deputy Chief William A. Hall Jr. and Senior Counsels Frank Lin and Ryan K.J. Dickey of the Criminal\r\nDivision’s Computer Crime and Intellectual Property Section, Assistant U.S. Attorney John E. Higgins for the\r\nDistrict of Nebraska, and Assistant U.S. Attorney Brad DeVoe for the Eastern District of North Carolina are\r\nprosecuting the case.\r\nThe Justice Department’s Office of International Affairs worked with the Swiss Federal Office of Justice to secure\r\nthe arrest and extradition of Penchukov.\r\nSource: https://www.justice.gov/opa/pr/foreign-national-pleads-guilty-role-cybercrime-schemes-involving-tens-millions-dollars\r\nhttps://www.justice.gov/opa/pr/foreign-national-pleads-guilty-role-cybercrime-schemes-involving-tens-millions-dollars\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/opa/pr/foreign-national-pleads-guilty-role-cybercrime-schemes-involving-tens-millions-dollars"
	],
	"report_names": [
		"foreign-national-pleads-guilty-role-cybercrime-schemes-involving-tens-millions-dollars"
	],
	"threat_actors": [],
	"ts_created_at": 1775791325,
	"ts_updated_at": 1775826790,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/49804a6b9019d297962a28d062602cc13a05c459.pdf",
		"text": "https://archive.orkl.eu/49804a6b9019d297962a28d062602cc13a05c459.txt",
		"img": "https://archive.orkl.eu/49804a6b9019d297962a28d062602cc13a05c459.jpg"
	}
}