U.S. Department of Justice filed charges 14 members of the international hacker group QQAAZZ, specializing in money laundering. These are mainly residents of Bulgaria and Latvia, but also several of the accused are citizens of Belgium, Romania and Georgia.
Law enforcement officials report that the group has been active since at least 2016 and has been actively promoting its services on Russian-language hacker forums. It was on such resources that QQAAZZ established contacts with the operators of the largest malware programs today, including Dridex, Trickbot and GozNym.
The Justice Department's statement says that QQAAZZ members ran a large network of bank accounts and money mules, which allowed hackers to quickly transfer money from hacked accounts to new and "clean" ones.
At the same time, the work of QQAAZZ was organized no worse than the business of a legal company. For example, the leaders of the group were usually responsible for communication with customers, middle managers hired money mules, and the money mules themselves opened bank accounts and withdrawn money from ATMs when required.
Law enforcement officials emphasize that QQAAZZ owns many bank accounts around the world, and this network was created using fictitious personalities and dozens of shell companies. These accounts served as entry points for funds generated by hacks, malware infections, and so on. As a result, this money passed through numerous QQAAZZ accounts and was eventually converted into cryptocurrency.
However, the criminals did not stop there: the cryptocurrency was additionally passed through special tumbling services for greater anonymity of transactions, and only after that the funds were returned back to the laundering customers, while the QQAAZZ operators kept a commission of 40-50% for their services.
The Justice Department reports that in October 2019, the charges were also presented five other group members. At the same time, the authorities explain that, although the charges were brought in the United States, the international prosecution of QQAAZZ participants has long been begun, and other criminal cases have been opened in Portugal, Spain and other countries.
In total, in the international operation against QQAAZZ, which Europol called “Operation 2BaGoldMule”, Participated 16 countries of the world. The countries participating in the operation conducted more than 40 searches in Latvia, Bulgaria, Great Britain, Spain and Italy (mobile phones, computers, fake identity cards and financial documents were seized), and also made 20 arrests.