16 October 2020

Members of QQAAZZ group charged for laundering funds stolen by cybercriminals



The US Department of Justice has unsealed an indictment charging 14 individuals from Latvia, Bulgaria, the UK, Spain, and Italy with conspiracy to commit money laundering involving tens of millions of dollars stolen from victims in the US and other countries since 2016. The indictment alleges that all defendants are members of a transnational criminal organization called QQAAZZ.

According to the DoJ, QQAAZZ established and maintained hundreds of corporate and personal bank accounts at financial institutions across the world to receive money stolen by other cyberthieves, including the cybercriminal groups behind the Dridex, Trickbot, and GozNym malware. The money laundering services, touted as a “global, complicit bank drops service,” were advertised on Russian-speaking online cybercriminal forums.

“The funds were then transferred to other QQAAZZ-controlled bank accounts and sometimes converted to cryptocurrency using ‘tumbling’ services designed to hide the original source of the funds. After taking a fee of up to 40 to 50 percent, QQAAZZ returned the balance of the stolen funds to their cybercriminal clientele,” the DoJ said in a press release.

To secure their accounts, the QQAAZZ members used both legitimate and fraudulent Polish and Bulgarian identification documents to create and register dozens of shell companies, which conducted no legitimate business activity. Hiding behind these shell companies, the QQAAZZ members then opened corporate bank accounts at multiple financial institutions across the globe.

According to Europol, 20 individuals suspected of belonging to the QQAAZZ criminal network were arrested as part of an international law enforcement operation. More than 40 house searches were conducted in Latvia, Bulgaria, the United Kingdom, Spain and Italy, with the largest number of raids carried out by the Latvian State Police (Latvijas Valsts Policija). The police also seized an extensive bitcoin mining operation associated with QQAAZZ in Bulgaria.

