Vyacheslav Penchukov, a 37-year-old citizen of Ukraine, pleaded guilty to operations with Zeus and IcedID malware, reports CyberScoop.

A Ukrainian hacker has been accused of playing a key role in two groups that infected their victims’ computers with malware for a decade and stole millions of dollars.

The list of victims even includes the University of Vermont Medical Center. According to the U.S. Department of Justice, the center was unable to provide many important services to patients for more than two weeks as a result of the criminal actions.

Eventually, Viacheslav Penchukov was arrested in Switzerland in 2022 and extradited to the United States in 2023.

According to the prosecutor’s office, Zeus malware was created in May 2009. It was used to intercept bank account credentials as part of a conspiracy to unauthorizedly transfer funds from victims’ accounts to the accounts of the perpetrators.

The role of the Ukrainian hacker in the operation using this software led to him being included in the FBI’s most wanted list of cybercriminals.

After that, according to prosecutors, Vyacheslav Penchukov helped manage the operation using IcedID or BokBot software. This took place at least from November 2018 to February 2021.

The operation included stealing bank account credentials and providing access to infected computers to deliver other malware, including ransomware.

In a US federal court in Nebraska, the hacker pleaded guilty to charges of conspiracy to commit extortion and his leadership role in Operation Zeus.

In addition, he pleaded guilty to charges of conspiracy to commit fraud and his leadership role in the IcedID software operation.

He faces a maximum sentence of 20 years in prison for each count. The sentencing is scheduled for May 9.