US authorities have unsealed an indictment charging nine individuals with being involved in a criminal organization that relied on the ZeuS banking Trojan to infect computers and steal millions of dollars from their owners’ bank accounts.
Two of the suspects – Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36 – have been apprehended. The Ukrainians were in the United Kingdom and have recently been extradited to the United States.
Three other Ukrainians and a Russian have also been charged, but they remain at large. The Ukrainians are Vyacheslav Igorevich Penchukov, Ivan Viktorvich Klepikov and Alexey Dmitrievich Bron. The Russian suspect is Alexey Tikonov. The rest of the charged individuals have not been identified so they’re named as John Does in the indictment.
All of the suspects have been charged with conspiracy to commit computer fraud and identity theft, conspiracy to participate in racketeering activity, multiple counts of bank fraud, and aggravated identity theft.
Authorities say the suspects infected the computers of unsuspecting individuals with ZeuS.
“As the charges unsealed today demonstrate, we are committed to making the Internet more secure and protecting the personal information and of American consumers. With the invaluable cooperation of our foreign law enforcement partners, we will continue to bring to justice cyber criminals who steal the money of U.S. citizens,” O’Neil added.
They transferred money from the victims’ accounts into the accounts of money mules, individuals who withdrew the criminal proceeds and sent it to the overseas members of the conspiracy.
Kulibaba operated the money-laundering network, whereas Konovalenko was responsible for obtaining stolen banking credentials and forwarding the information to Kulibaba.
“This case illustrates the vigorous cooperation between national and global law enforcement and sends a strong message to cyber thieves,” said Special Agent in Charge Thomas R. Metz of the FBI’s Omaha Division.