An international investigation led by Europol and involving the UK's National Crime Agency has lifted the lid over QQAAZZ group, a money-laundering network that laundered tens of millions on behalf of the world's most prolific cyber criminals since 2016.
The investigation aimed at the activities of QQAAZZ group involved coordinated action between law enforcement agencies from 16 countries, led by Portugal and the United States and supported by the UK, Austria, Belgium, Latvia, Bulgaria, Poland, Spain, Australia, Sweden, Switzerland, Italy, Germany, Czech Republic, and Georgia.
In all, a total of twenty individuals associated with QQAAZZ group were arrested by law enforcement authorities, including six British, Georgian, and Latvian nationals in the UK, one of whom, 32-year-old Arturs Zaharevics, is awaiting extradition to the US.
According to the National Crime Agency, QQAAZZ group advertised its money laundering services on various Russian-speaking online cyber crime forums and since 2016, laundered tens of millions on behalf of prolific cyber criminals, including criminals behind Dridex and Trickbot malware.
The money laundering network laundered funds owned by cyber criminals via numerous corporate and personal bank accounts opened with financial institutions worldwide. The group charged a fee for every transaction and often converted the money into cryptocurrency to hide its original source.
QQAAZZ group also helped cyber criminals set up a large number of shell companies, open additional bank accounts in the name of these companies, and use the laundered money to open legitimate businesses in a number of countries across Europe.
“Financially motivated cyber criminals rely heavily on the services of money launderers like the QQAAZZ network to access the funds stolen from victims. Targeting such networks is just one of the ways the NCA works to cause disruption to the organised cyber criminals who have the most significant impact on the UK,” said Richard Winstanley from the NCA’s National Cyber Crime Unit.
“Cyber crime, by default, is a threat that crosses borders and international collaboration such as this is crucial to tackling it. The NCA investigation into UK-based members of this network remains ongoing.”
This is not the first time that cyber criminals have been found laundering tens of millions that they steal from organisations worldwide. Over two years ago, a report from Bromium revealed that cyber criminals across the globe laundered up to £142 bn each year from the proceeds of their criminal activities, and the money they laundered constituted an estimated 8-10 percent of total illegal profits laundered globally.
The study, commissioned by Bromium and conducted by Dr. Mike McGuire, Senior Lecturer in Criminology at Surrey University, revealed that aside from laundering their money, cyber criminals were also using virtual currencies regularly, but were also moving away from Bitcoin to less recognized virtual currencies such as Monero to preserve their anonymity.
Cyber criminals were also found using PayPal and other digital payment systems to launder money and also exploiting in-game purchases, notably in China and South Korea, to carry out gaming-currency laundering. By accumulating millions in virtual currencies, they use them on websites such as Bitcoin Real Estate to purchase expensive property from penthouse suites and lavish mansions to 160-acre private islands.
“It’s no surprise to see cybercriminals using virtual currency for money laundering. The attraction is obvious. It’s digital, so is an easily convertible way of acquiring and transferring cybercrime revenue. Anonymity is also key, with platforms like Monero designed to be truly anonymous, and tumbler services like CoinJoin that can obscure transaction origins," noted Dr. McGuire.