DOJ charges 9 ringleaders for ‘Zeus’ malware heist

But seven of them are still at large.


Aja Romano


Published Apr 11, 2014   Updated May 31, 2021, 12:03 pm CDT

Nine alleged cybercriminals have been charged in the U.S. for stealing millions of dollars from businesses, according to an indictment unsealed Friday in Nebraska.

Featured Video Hide

Two people have been indicted for money laundering and identity theft in the state where they allegedly pilfered away millions of dollars from banks and other companies. The seven other alleged conspirators in the international cybercriminal ring remain at large.

Advertisement Hide

Although the indictment was first issued in August of 2012, it was sealed until Friday, when Ukrainian nationals Yuriy Konovalenko and Yevhen Kulibaba were arraigned in a Nebraska courthouse. The two were charged on counts of conspiracy to commit racketeering as well as identity theft and bank fraud, after they laundered millions of dollars from a Nebraska bank and other financial institutions. The U.S. Department of Justice (DOJ) announced today that the indictment had been unsealed in connection with Konovalenko and Kulibaba’s first appearance in court following their extradition from the U.K.

The thieves allegedly installed and used the “Zeus” malware to collect passwords and account info from the computers of unsuspecting victims. Armed with the victims’ personal information, they are said to have logged into the victims’ banking systems and transferred funds from the victims’ accounts to their own.

The cybercriminal ring is also alleged to have used “money mules”—people on the ground who transferred small sums of money from the victims’ accounts and then wired it overseas to the ringleaders—in the U.S. and the U.K.

The alleged criminals, most of whom hail from Eastern Europe and are in their early 30s, were well-organized. Each of the alleged ringleaders handled a different part of the operation, according to the DOJ. release. Kulibaba operated the money-laundering facet of the ring in the U.K., while Konovalenko handled stolen passwords and other info.

Advertisement Hide

Four of the other defendents named in the case are still at large. The DOJ describes their roles described as follows:

• Vyacheslav Penchukov, allegedly coordinated the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.
• Ivan Klepikov was the alleged systems administrator, who handled the technical aspects of the criminal scheme and also received alerts once a bank account had been compromised.
• Alexey Bron was the alleged financial manager of the criminal operations, who managed the transfer of money through an online money system known as Webmoney.
• Alexey Tikonov was an alleged coder or developer, who assisted the criminal enterprise by developing new codes to compromise banking systems.

An additional three members of the ring have not been identified and are referred to in the indictment as John Doe.

“The FBI and our international partners will continue to devote resources to finding better ways to safeguard our systems, fortify our cyber defenses and stop those who do us harm,” the FBI Special Agent in Charge of the investigation, Thomas Metz, stated.

In the meantime, follow the rules of the Internet: don’t download anything suspicious, and change all your passwords regularly.

Advertisement Hide

Photo via dynamosquito/Flickr (CC BY-SA 2.0)

Share this article
*First Published: Apr 11, 2014, 2:12 pm CDT