16 October 2020

Members of QQAAZZ group charged for laundering funds stolen by cybercriminals


Members of QQAAZZ group charged for laundering funds stolen by cybercriminals

The US Department of Justice has unsealed charges against 14 individuals from Latvia, Bulgaria, the UK, Spain, and Italy with conspiracy to commit money laundering involving tens of millions of dollars stolen from victims in the US and other countries since 2016. The indictment alleges that all defendants are members of transnational criminal organization called QQAAZZ.

According to DoJ, QQAAZZ established and maintained hundreds of corporate and personal bank accounts at financial institutions across the world to receive money stolen by other cyberthieves, including cybercriminal groups behind the Dridex, Trickbot, and GozNym malware. The money laundering services touted as a “global, complicit bank drops service” were advertised via Russian-speaking online cybercriminal forums.

“The funds were then transferred to other QQAAZZ-controlled bank accounts and sometimes converted to cryptocurrency using “tumbling” services designed to hide the original source of the funds. After taking a fee of up to 40 to 50 percent, QQAAZZ returned the balance of the stolen funds to their cybercriminal clientele,” DoJ said in a press release.

To secure their accounts the QQAAZZ members used both legitimate and fraudulent Polish and Bulgarian identification documents to create and register dozens of shell companies which conducted no legitimate business activity. Hiding behind these shell companies the QQAAZZ members then opened corporate bank accounts at multiple financial institutions across the globe.

According to Europol, 20 individuals suspected of belonging to the QQAAZZ criminal network were arrested as part of an international law enforcement operation. More than 40 house searches were conducted in Latvia, Bulgaria, the United Kingdom, Spain and Italy, with the largest number of raids carried out by the Latvian State Police (Latvijas Valsts Policija). The police also seized an extensive bitcoin mining operation associated with QQAAZZ in Bulgaria.


Back to the list

Latest Posts

US Cyber Command provides info on malware implants used in attacks against parliaments, embassies

US Cyber Command provides info on malware implants used in attacks against parliaments, embassies

US authorities shared details on the ComRAT malware and the Zebrocy backdoor used by Russia-linked Turla and APT 28 hacker groups.
30 October 2020
Maze ransomware gang prepares for shut down

Maze ransomware gang prepares for shut down

The Maze group had stopped encrypting new victims in September 2020, and is now trying to get the last payments from their victims.
29 October 2020
Iranian hackers targeted “high profile” security conference attendees

Iranian hackers targeted “high profile” security conference attendees

The attacks involved spoofed emails with invitations ostensibly sent from organizers of the Munich Security Conference and the Think 20 Summit in Saudi Arabia.
29 October 2020