Mastermind Behind Zeus And IcedID Malware Sentenced To 9 Years In Prison
Read also: Global law enforcement op strikes West African cybercrime, the Astrostress operator gets a prison sentence, and more.
Hacker ‘Tank’ Sentenced to 9 Years for Zeus and IcedID Malware Operations
Vyacheslav Igorevich Penchukov, a notorious Ukrainian hacker known as “Tank,” has been sentenced by a US court to nine years in prison for his involvement in malware schemes. The 37-year-old cybercriminal pleaded guilty in February 2024 to charges connected to the operation of the Zeus banking malware in the 2010s and the IcedID infostealer, also known as Bokbot.
Penchukov’s activities had placed him on the Federal Bureau of Investigation’s (FBI) ‘most wanted’ cyber list for more than ten years. He was arrested in Switzerland in 2022 and extradited to the US last year.
A US court has handed down two concurrent nine-year sentences to Penchukov. He was charged with conspiracy to commit a Racketeer Influenced and Corrupt Organizations (RICO) Act offense and wire fraud.
Penchukov was also ordered to pay over $73 million in restitution and forfeited funds. Additionally, he will face three years of supervised release for each count following his prison term.
Interpol-led operation dismantled multiple criminal networks across the globe
A global law enforcement operation targeting West African organized crime groups, including the notorious Black Axe (a major West African transnational organized crime syndicate known for its involvement in cyber fraud, human trafficking, and drug smuggling), has resulted in hundreds of arrests, the seizure of assets worth $3 million, and the dismantling of multiple criminal networks worldwide.
Codenamed “Operation Jackal III”, the operation took place from April 10 to July 3 across 21 countries and focused on online financial fraud and the West African syndicates behind it. As part of the operation, nearly 300 arrests were made, over 400 additional suspects were identified, and more than 720 bank accounts were blocked.
In Argentina, the police dismantled a Nigerian-led transnational criminal network and seized $1.2 million in high-quality counterfeit banknotes. As part of the action, 72 suspects were arrested, and around 100 bank accounts were frozen. In Switzerland, police cracked down on West African organized crime syndicates operating nationwide, seizing cocaine and approximately €45,000 in cash and arresting multiple suspects.
At the same time, Portuguese police neutralized a Nigerian network involved in money mule recruitment and money laundering. More than 25 syndicate members were identified in the process. Data from seized computers and phones showed large transfers to Nigerian bank accounts, cryptocurrency transactions, and sophisticated money laundering operations.
An operator of the Astrostress DDoS-for-hire website gets 9 months in prison
Scott Raul Esparza, 24, a Texas man, was sentenced to nine months in federal prison for running a website that enabled paying users to launch powerful distributed denial of service (DDoS) attacks. He was also ordered to serve two years of supervised release with conditions, including a full computer monitoring program, after completing his prison sentence.
From 2019 to September 2022, Esparza operated and co-administered a DDoS-for-hire service called “Astrostress.com” with Shamar Shattock, 21, of Margate, Florida. Esparza was responsible for procuring attack servers and maintaining the site's attack functionality. He also assisted Shattock in marketing the service and hired a co-conspirator to handle customer support. Esparza personally conducted thousands of attacks using his own service, officials said.
Esparza pleaded guilty on March 6, 2024, to one count of conspiracy to commit unauthorized impairment of a protected computer and one count of unauthorized impairment of a protected computer. Shattock pleaded guilty in March 2023 to one felony conspiracy count and faces up to five years in federal prison. His sentencing hearing is expected to take place in the coming months.
A criminal group used malware to steal funds from major Ukrainian industrial firms
Ukrainian cyber police have dismantled a criminal group involved in stealing funds from the bank accounts of major industrial enterprises in Ukraine.
The investigation revealed that the perpetrators infected the corporate networks with malware, granting them remote access to financial operations. By manipulating the recipients' details, the criminals were able to divert funds to accounts under their control, causing financial losses exceeding 6 million UAH (~$150,000) for Ukrainian enterprises.
Ironically, one of the group’s members found himself kidnapped by his accomplices when he refused to transfer his share to controlled accounts. The police were able to identify the vehicle carrying the suspects and arrest two key figures behind the group.
The suspects have been charged under Part 2 of Article 146 (Illegal Imprisonment or Kidnapping) and Part 4 of Article 189 (Extortion) of the Criminal Code of Ukraine. Both suspects are currently in custody. The accused face up to 12 years in prison along with confiscation of their property if found guilty.
A suspected charity hacker arrested in Scotland
Cheshire police officers have arrested a 45-year-old man in Carron, Falkirk, Scotland, as part of an investigation into the hack of a charity in Runcorn, Cheshire. The charity, which provides essential support to hundreds across the UK, had its social media, email, and finance systems compromised due to multiple large-scale cyber-attacks that had a significant impact on the charity's operation.
The arrest occurred on Monday, July 15. The suspect was taken back to Cheshire for questioning and has been released under investigation. Police recovered various items, including computers, mobile devices, and hard drives, from the property.
In another case, Amar Tagore, a 21-year-old university student from Alexandria, West Dunbartonshire, Scotland, has been sentenced to 21 months in jail for creating malicious software.
Tagore earned over £44,000 (~$54,000) by selling malware named “Myra,” designed for DDoS attacks. The attacks targeted corporate and government websites, including the Department of Work and Pensions (DWP) job center site in Braintree, Essex. Tagore was arrested after police traced the malicious software back to him following a series of DDoS attacks that took place between May and August 2022.