Getty Images

Arrests and indictments made in cyber money laundering ring

The NCA has revealed six men were arrested in the UK as part of an international investigation into a money laundering network which handled transactions for some of the world’s most prolific cyber criminal groups

The UK’s National Crime Agency (NCA) has revealed it arrested six men in October last year as part of an international investigation into the QQAAZZ money laundering ring, which operated on behalf of some of the world’s most dangerous and prolific cyber criminals.

The revelation came as the US Department of Justice (DoJ) announced the unsealing of fresh indictments implicating 14 more alleged members of QQAAZZ in the extensive crime network, which stands accused of laundering tens of millions of dollars stolen from cyber crime victims since 2016.

The Europol-backed operation unfolded between 21 and 25 October 2019, and saw 14 other arrests in Europe, the US and Australia. In the UK, one Briton, three Georgians and two Latvian nationals were arrested at addresses across London during the raids. Five of the men have since been released under investigation, while one – 32 year-old Arturs Zaharevics – has been charged by the FBI and is awaiting extradition to the US.

The NCA said it seized mobile phones, computers, fake IDs and financial documents during searches of 11 separate properties and four vehicles.

“Financially motivated cyber criminals rely heavily on the services of money launderers like the QQAAZZ network to access the funds stolen from victims,” said Richard Winstanley of the NCA’s National Cyber Crime Unit.

“Targeting such networks is just one of the ways the NCA works to cause disruption to the organised cyber criminals who have the most significant impact on the UK.

“Cyber crime, by default, is a threat that crosses borders and international collaboration such as this is crucial to tackling it. The NCA investigation into UK-based members of this network remains ongoing,” said Winstanley.

The group advertised its services on Russian-language cyber crime forums, and was employed by actors behind some of the world’s most widespread and harmful forms of malware, including Dridex and Trickbot – which was itself disrupted earlier in October 2020 by a Microsoft-led operation.

The DoJ alleges that the multi-layered QQAAZZ network, which had members across Europe in Belgium, Bulgaria, Georgia, Latvia and Romania, opened and maintained hundreds of business and personal bank accounts all over the world to receive money siphoned from the bank accounts of cyber crime victims.

The DoJ alleges that QQAAZZ secured these bank accounts using both legitimate and fraudulent identity documents from Bulgaria and Poland, which they used to create and register shell companies that allowed them to open corporate bank accounts. The group possibly had hundreds of such accounts available to receive funds.

These funds were then transferred to other accounts controlled by the gang, and sometimes converted to cryptocurrency using so-called tumbling services, which are designed to obfuscate the original source of the funds. QQAAZZ took a cut of between 40% and 50%, before returning the balance of the stolen funds to the cyber criminals.

“Today’s charges, brought in coordination with our European law enforcement partners, reflect the Criminal Division’s steadfast efforts to work with authorities worldwide to protect the public from fraudsters and the money launderers who help them hide their stolen money,” said acting assistant attorney general Brian C Rabbitt of the DoJ Criminal Division.

“Our message to money laundering organisations like QQAAZZ is simple: international borders will not stop the dedicated efforts of law enforcement across the globe to bring you to justice. In addition to the Criminal Division team, I would like to recognise the outstanding efforts of the team led by US attorney Scott Brady, FBI Pittsburgh, and our European partners.”

Read more about cyber crime

  • Victims of cyber crime face barriers to reporting, receiving support and achieving justice, says a Home Office-backed study.
  • New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off.
  • Attacks by APT41, or Wicked Panda, targeted hundreds of organisations, including the UK government, according to a new indictment.

Read more on Hackers and cybercrime prevention

Data Center
Data Management