Indictment charges 'Jabber Zeus Crew' with using malware to steal millions

Nine individuals are charged in an operation dating back to 2009.

An indictment unsealed in Nebraska on Friday charges nine men with infecting thousands of business computers with the nefarious Zeus banking trojan, and leveraging the sensitive information they obtained to steal millions from victim bank accounts.

Named in the indictment were Ukrainian residents Vyacheslav Penchukov, Ivan Klepikov and Alexey Bron, Russian resident Alexey Tikonov, and U.K.-based Yevhen Kulibaba and Yuriy Konovalenko. Two residents of Russia and one from the Ukraine were listed as John Does and referred to only by their online handles.

Collectively, the crew is known as the “Jabber Zeus Crew,” according to the indictment.

For malicious activities dating as far back as 2009, all the individuals are charged with conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud, according to the indictment.

The crew is alleged to have installed Zeus trojans on numerous computers, after which they used the malware to obtain bank account numbers, passwords, personal identification numbers, RSA SecurID token codes, and other information, according to the indictment.

The documents add that the alleged perpetrators posed as employees of victim organizations, and carried out unauthorized transfers of funds from compromised bank accounts.

“It was further part of the conspiracy that [defendants] used ‘money mules,’ residents of the United States who received funds transferred over the Automated Clearing House (‘ACH’) network or through other interstate wire systems from victims' bank accounts into the money mules' own bank accounts, and then withdrew some of those funds and wired the funds overseas to conspirators,” according to the indictment.

Bullitt County Fiscal Court, Doll Distributing, Franciscan Sisters of Chicago, Husker Ag LLC, Parago, Inc., Town of Egremont, and United Dairy, Inc. are among the victims named in the indictment.

“The United States of America gives notice to all defendants, that upon conviction of any defendant, a money judgment may be imposed on that defendant equal to the total value of the property subject to forfeiture, which is at least $70,000,000.00,” according to the indictment.
