Alleged Zeus cybercrime leader arrested in Geneva, to be extradited to US
Alexander Martin November 16, 2022

Alleged Zeus cybercrime leader arrested in Geneva, to be extradited to US

Alexander Martin

November 16, 2022

Alleged Zeus cybercrime leader arrested in Geneva, to be extradited to US

Vyacheslav Penchukov, the 40-year-old Ukrainian accused of leading the Zeus cybercrime group, has been arrested in Geneva and will be extradited to the United States, Swiss prosecutors have confirmed to The Record.

Penchukov, who is on the FBI’s “Most Wanted” list and has been sought for 10 years as the person behind the hacker known as “Tank”, was arrested on October 23 and detained, pending extradition, according to a statement from the Federal Office of Justice (FOJ) in Switzerland.

The arrest is one of the most significant of an FBI “Most Wanted” cybercriminal on record. Although Penchukov formally opposed the extradition motion during a hearing on October 24, the FOJ decided on Tuesday that he would be extradited to the U.S. He may appeal this decision at the Swiss Criminal Federal Court, and then at the Swiss Supreme Court.

Penchukov’s arrest was first reported by independent journalist Brian Krebs, citing “multiple sources.” Krebs reported Penchukov, who is originally from Donetsk, was traveling to Geneva to meet up with his wife when he was detained.

He, alongside eight others, was charged in a superseding indictment filed in 2014 by the Nebraska District Attorney’s Office of being part of “a wide-ranging racketeering enterprise and conspiracy who infected thousands of business computers with malicious software known as ‘Zeus’.”

The indictment alleges “that the ‘Zeus’ malware captured passwords, account numbers, and other information necessary to log into online banking accounts.”

It was used to steal millions of dollars from victims, and the defendants were all charged with “conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.”

The banking trojan worked by secretly capturing log-in credentials as they were used by victims, allowing the criminals to hijack their accounts and transfer the funds to money mules who took a commission before sending it on to the ringleaders.

Two of Penchukov’s co-defendants, Yevhen Kulibaba and Yuriy Konovalenko, were arrested in 2014 and subsequently entered guilty pleas.

Krebs reported that Tank evaded prosecution in Ukraine due to political connections to the ousted former Ukrainian President Victor Yanukovych, who now resides in Russia. According to Krebs, he received a tip-off in 2010 about search warrants of his home being prepared by the Security Service of Ukraine, due to widespread corruption in the agency at the time.

Alexander Martin is the UK Editor for The Record. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.