Fourteen members of QQAAZZ, an international cybercrime group known for money laundering, were charged yesterday in USA, Portugal, Spain and United Kingdom for the provision of money laundering services resulting from the illicit activities of malicious companies, including Trickbot, Dridex and GozNym.
According to the allegations, QQAAZZ legitimized (or at least tried to legitimize) tens of millions stolen by cybercrime victims. U.S. authorities say the group has been active since 2016 and advertises its services in Russian. hacking forum.
The US Department of Justice (DoJ) noted that QQAAZZ members operated a large network bank accounts and money mules (money transferrs) that allowed in gangs malware to transfer money from compromised accounts to new, "clean" destinations.
The members of QQAAZZ were organized in a company-type hierarchy. Managers handled customer communications, mid-level managers recruited money mules and money mules in turn opened bank accounts and took money from ATM, when needed.
In addition, U.S. officials said the group operated a vast network of bank accounts around the world using fake IDs and shell companies. These accounts served as destination points for money received from intrusions, malware infections and other cybercrime businesses. The money "traveled" through QQAAZZ accounts and was converted into cryptobodies.
QQAAZZ then returned some of the money laundered to its cybercrime clients, receiving up to 50% of the total balance of stolen money received. In addition to the 14 suspects charged, five other suspects were also charged in October 2019 with money laundering.
Sixteen countries took part in an international operation against QQAAZZ, which Europol named “Business 2BaGoldMule”. As part of this operation, Europol said that the participating countries conducted more than 40 investigations in the United Kingdom, Spain, Italy, Latvia and Bulgaria, and made 20 arrests.