JabberZeuS
JabberZeuS is a Ukrainian cyber fraud gang associated with the ZeuS banking Trojan ecosystem. The group hired the ZeuS author to create a custom version of the Trojan that became known as JabberZeuS, and intercepted chats cited in the source reporting indicate the crew had direct contact with the ZeuS author. A noted JabberZeuS capability was sending Jabber instant messages when a victim logged into a bank account with a high balance, enabling rapid cash-out operations.

The group conducted cyber heists using malicious email campaigns and relied on supporting criminal infrastructure and personnel, including money mule management and credential exchange. By 2009, the crew had hired the Cutwail botnet to distribute the malicious emails used in these thefts.

Identified members and associates in the source reporting include:
- Aqua, who recruited and managed money mules used to cash out hijacked payroll accounts
- Tank, who managed money mules and helped coordinate the exchange of stolen banking credentials
- Yevhen "Jonni" Kulibaba
- Yuri "JTK" Konovalenko
- Vyacheslav "Tank" Penchukov
- programmer Ivan "petr0vich" Klepikov
- Alexey Dmitrievich Bron ("TheHead")
- Alexey "Kusanagi" Tikonov

Intercepted chat records from the incomeet.com server reportedly suggested that Alexey Bron and Vyacheslav Penchukov were co-workers in Donetsk, Ukraine.

Law enforcement actions described in the source reporting include the 2010 arrest in the United Kingdom of 20 individuals connected to the JabberZeuS crime ring, 11 of whom were charged with money laundering and conspiracy to defraud, and parallel detentions in Ukraine of five gang members who were then quickly released. A few months after Microsoft's March 2012 ZeuS/SpyEye botnet takedown, the U.S. Justice Department charged nine men in the JabberZeuS conspiracy. Yevhen Kulibaba and Yuri Konovalenko were reportedly extradited to the United States.

Known aliases and naming: JabberZeuS, Jabberzeus, and the JabberZeuS crew.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Where they're from
Attributed origin per open-source reporting.
- UA
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic and mapped to MITRE ATT&CK.
Associated malware families
3 malware families attributed to this actor across reporting.
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Cybercrime gang conducting bank-account takeover and cyberheist operations, using a custom Zeus variant to steal banking credentials, manage money mules, and cash out victim accounts.
A Ukrainian cyber fraud gang that used Cutwail-distributed malicious emails to support financially motivated cyber heists.