Nine People Accused of Stealing Millions of Dollars with ZeuS Malware

Indictment charging nine people involved in cybercriminal operation

US authorities have unsealed an indictment charging nine individuals with being involved in a criminal organization that relied on the ZeuS banking Trojan to infect computers and steal millions of dollars from their owners’ bank accounts.

Two of the suspects – Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36 – have been apprehended. The Ukrainians were arrested in the United Kingdom and have recently been extradited to the United States.

Three other Ukrainians and a Russian have also been charged, but they remain at large. The Ukrainians are Vyacheslav Igorevich Penchukov, Ivan Viktorvich Klepikov and Alexey Dmitrievich Bron. The Russian suspect is Alexey Tikonov. The rest of the charged individuals have not been identified so they’re named as John Does in the indictment.

All of the suspects have been charged with conspiracy to commit computer fraud and identity theft, conspiracy to participate in racketeering activity, multiple counts of bank fraud, and aggravated identity theft.

Authorities say the suspects infected the computers of unsuspecting individuals with ZeuS.

“The ‘Zeus’ malware is one of the most damaging pieces of financial malware that has ever been used,” said Acting Assistant Attorney General David A. O’Neil of the Justice Department’s Criminal Division.

“As the charges unsealed today demonstrate, we are committed to making the Internet more secure and protecting the personal information and bank accounts of American consumers. With the invaluable cooperation of our foreign law enforcement partners, we will continue to bring to justice cyber criminals who steal the money of U.S. citizens,” O’Neil added.

According to the indictment, the cybercriminals used the malicious software to capture bank account numbers, passwords, and other information they needed to breach bank accounts.

They transferred money from the victims’ accounts into the accounts of money mules, individuals who withdrew the criminal proceeds and sent it to the overseas members of the conspiracy.

Kulibaba operated the money-laundering network, whereas Konovalenko was responsible for obtaining stolen banking credentials and forwarding the information to Kulibaba.

The other members of the conspiracy were responsible for developing malicious software, financial management, and administrating the technical aspects of the scheme.

“This case illustrates the vigorous cooperation between national and global law enforcement agencies and sends a strong message to cyber thieves,” said Special Agent in Charge Thomas R. Metz of the FBI’s Omaha Division.

“The FBI and our international partners will continue to devote resources to finding better ways to safeguard our systems, fortify our cyber defenses and stop those who do us harm.”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s