- An extensive and lengthy collaboration of the law enforcement authorities of 16 countries resulted in the demise of QQAAZZ.
- This is a group of money launderers who used shell companies and corporate accounts to receive money from hackers.
- The crooks managed to stay hidden for four years, but eventually, they were tracked down.
An international law enforcement operation that took place across 16 countries under the guidance of Europol has resulted in the arrest of 20 individuals. They are all suspected of having ties with the QQAAZZ criminal group, which is confirmed to be involved in money laundering for cybercriminals.
The police raids were carried out almost simultaneously in 40 houses in Latvia, Bulgaria, the United Kingdom, Spain, and Italy, and the agents found and seized various types of equipment, including Bitcoin mining rigs.
Since 2016, the QQAAZZ network has laundered tens of millions of USD, passing it through corporate and personal bank accounts, using shell companies, converting it to cryptocurrency, using crypto “tumbling” platforms, and more. In general, QQAAZZ tried to pass the money through several layers of launder, hoping that the authorities would lose track of it. In exchange, they kept 50%, and the remaining half was returned to the cybercriminals.
The main center of operations was in the UK, where a shell company used for the laundering operated, but Spain and Portugal were also active on that part. Most of the people who got arrested were based in Latvia, though, with the UK and Spain following next in numbers. As for the target countries – or the stolen money source if you prefer – these were mainly Finland, the United States, Italy, and the UK.
To open the bank accounts they abused for laundering, QQAAZZ members used both legitimate and fake ID documents, while the dozens of the shell companies they operated had no legitimate activity.
The connected corporate accounts received the money from the hackers who needed laundering services, and after the conversion was over, the cut was deposited onto crypto wallets. It was a risky activity, yet it lasted for four years without much legal trouble.
During this time, law enforcement and specialized cybercrime units from 16 countries worked together to trace the actors and find their real identities. The global nature of the fraudulent activities could only be tackled by an international operation – and this is what happened, even if it took quite some time to produce tangible results, i.e., arrests.