Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups.

Penchukov (also known as 'tank' and 'father') was arrested in Switzerland in October 2022 while traveling to meet his wife in Geneva and extradited to the United States in 2023.

The U.S. Department of Justice first charged him in 2012 for his involvement in the Zeus malware operation and the theft of millions of dollars using personal identification numbers, bank account numbers, credentials, and other sensitive info stolen from infected devices.

Multiple sources also told BleepingComputer that Penchukov was part of the leadership of the Maze and Egregor ransomware operations. Maze was the first ransomware gang involved in double-extortion attacks where stolen data was used as leverage to pressure victims.

Maze ransomware was later rebranded to Egregor and Sekhmet to evade law enforcement. Despite this, Penchukov was among the suspects arrested in January 2021 by Ukrainian police as part of a joint international operation targeting the Egregor ransomware gang.

However, as investigative journalist Brian Krebs reported, he evaded prosecution using his political connections, including the late son of former Ukrainian President Viktor Yanukovych.

​Penchukov was also part of the leadership of the IcedID (aka Bokbot) malware operation after being added to the FBI's Cyber Most Wanted List between November 2018 and February 2021.

He and his co-conspirators used the malware to steal the victims' sensitive information, including banking account credentials, and to provide other cybercriminals with access to compromised systems to deploy additional malicious payloads like ransomware.

"Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two weeks," said Acting Assistant Attorney General Nicole M. Argentieri.

"Before his arrest and extradition to the United States, the defendant was a fugitive on the FBI's most wanted list for nearly a decade."

Penchukov entered a guilty plea to one charge of conspiracy related to racketeering under the Racketeer Influenced and Corrupt Organizations (RICO) Act for his leadership role in the Zeus operation and to another charge of conspiracy to commit wire fraud for his leadership role in the IcedID malware group.

Scheduled for sentencing on May 9, Penchukov faces a potential maximum penalty of 20 years imprisonment for each count.