The US Department of Justice has unsealed charges against 14 individuals from Latvia, Bulgaria, the UK, Spain, and Italy with conspiracy to commit money laundering involving tens of millions of dollars stolen from victims in the US and other countries since 2016. The indictment alleges that all defendants are members of transnational criminal organization called QQAAZZ.

According to DoJ, QQAAZZ established and maintained hundreds of corporate and personal bank accounts at financial institutions across the world to receive money stolen by other cyberthieves, including cybercriminal groups behind the Dridex, Trickbot, and GozNym malware. The money laundering services touted as a “global, complicit bank drops service” were advertised via Russian-speaking online cybercriminal forums.

“The funds were then transferred to other QQAAZZ-controlled bank accounts and sometimes converted to cryptocurrency using “tumbling” services designed to hide the original source of the funds. After taking a fee of up to 40 to 50 percent, QQAAZZ returned the balance of the stolen funds to their cybercriminal clientele,” DoJ said in a press release.

To secure their accounts the QQAAZZ members used both legitimate and fraudulent Polish and Bulgarian identification documents to create and register dozens of shell companies which conducted no legitimate business activity. Hiding behind these shell companies the QQAAZZ members then opened corporate bank accounts at multiple financial institutions across the globe.

According to Europol, 20 individuals suspected of belonging to the QQAAZZ criminal network were arrested as part of an international law enforcement operation. More than 40 house searches were conducted in Latvia, Bulgaria, the United Kingdom, Spain and Italy, with the largest number of raids carried out by the Latvian State Police (Latvijas Valsts Policija). The police also seized an extensive bitcoin mining operation associated with QQAAZZ in Bulgaria.