Ukrainian cybercrime suspect with Russian ties arrested after years on the run

Updated on: 17 November 2022

Damien Black
Senior Journalist

A Ukrainian national from the Russian-annexed region of Donetsk has been arrested in Switzerland under suspicion of masterminding a cybercriminal gang that defrauded Western businesses out of millions.

The US Department of Justice (DoJ) fingered Vyacheslav “Tank” Penchukov, 40, for his alleged role as leader of the JabberZeus crew back in 2014, but the suspect has remained at large since then.

US government wanted poster for Penchukov and associates — FBI wanted poster featuring Vyacheslav Penchukov (right) and two fellow suspects

The story appears to have been broken by the Krebs On Security website, which cited “multiple sources” as saying Penchukov was arrested in Geneva while traveling there to meet his wife three weeks ago.

“The JabberZeus crew’s name is derived from the malware they used, which was configured to send them a Jabber instant message each time a new victim entered a one-time password code into a phishing page mimicking their bank,” said Krebs.

The cyber-gang – which takes the second part of its moniker from the Trojan named after the ancient Greek god – appears to have aimed its lightning bolts at smaller targets, potentially vulnerable SMEs that could be easily put out of business by a ransomware attack.

Krebs adds that it pioneered “man-in-the-browser” cyberattacks that “used malware that can silently siphon any data victims submit via a web-based form.” This was allegedly custom-made for the gang by Russian criminal tech genius Evgeniy Bogachev, who remains at large with a $3 million bounty placed on him by the Federal Bureau of Investigation (FBI).

“Once inside a victim company’s bank accounts, the crooks would modify the firm’s payroll to add dozens of money mules [...] recruited through work-at-home schemes to handle bank transfers,” said Krebs. “The mules in turn would forward any stolen payroll deposits, minus their commissions, via wire transfer overseas.”

Penchukov’s political ties to ousted and pro-Russian former Ukrainian president Viktor Yanukovych are believed to have helped him evade prosecution by authorities for years, and the suspected cybercriminal enjoyed a lavish lifestyle in his alter ego as local DJ “Slava Rich” that involved being seen driving around in BMWs and Porsches.

Krebs adds that it reached out to the FBI for comment regarding Penchukov’s arrest but had received none at the time of publishing.