Twenty people have been arrested as part of an investigation into QQAAZZ, a group that police said had laundered millions on behalf of the world’s most prolific cyber criminals.
The arrests, part of a multinational investigation that included police in 15 countries, target a notorious gang of so-called money mules that the hackers need to do their work.
QQAAZZ mimicked the structure of a sophisticated corporation, according to a U.S. federal indictment unsealed Thursday. Mid-level managers organized networks of bank accounts and shell companies in several countries, while money mules shuffled millions of dollars in stolen funds back to the hackers, with QQAAZZ taking a cut of as much as 50 per cent.
“Financially motivated cyber criminals rely heavily on the services of money launderers like the QQAAZZ network to access the funds stolen from victims,” Richard Winstanley of the U.K.’s National Crime Agency said in a statement after police made arrests and raided 40 different houses across Europe.
The agency said six people were arrested in London and another 14 were detained throughout Europe, the U.S. and Australia in an operation coordinated by Europol.
Arkady Bukh, a lawyer representing one of the defendants, Maksim Boiko, a Russian national who was arrested in March, said his client is aggressively fighting the charges. “We are looking forward to going to trial to prove his innocence,” Bukh said. A lawyer representing Aleksejs Trofimovics, of Latvia, who was indicted in 2019, declined to comment. Lawyers representing the other defendants couldn’t be identified.
Some of the arrests were made earlier, including British, Georgian and Latvian nationals detained last year in London. Five of those men were released as the investigation continued. Another man, 32-year-old Arturs Zaharevics, is awaiting extradition to the U.S., where he was charged by the FBI.
Money mules are a basic necessity for cybercriminals, because hackers who drain bank accounts of victims in the U.S. and Europe don’t want to leave a trail that can be followed by police. In the past, hackers have used foreign exchange students and even hired unwitting accomplices over the internet.
But the QQAAZZ operation was far more sophisticated, according to the latest Justice Department indictment. Gang members would set up shell companies using forged Polish or Bulgarian documents, then open accounts in the name of those companies in various European banks.
The group maintained hundreds of accounts in banks in Portugal, Spain, Belgium, Turkey and the U.K., often shifting stolen funds between multiple accounts before converting them into untraceable cryptocurrency that was then provided to the hackers.
“In total, cybercriminals attempted to transfer tens of millions of dollars to QQAAZZ-controlled accounts, and QQAAZZ successfully laundered millions of dollars stolen from victims around the world,” the indictment said.
Many of the victims were small businesses or religious organizations that typically make easier targets than big companies armed with sophisticated cyber defenses.
Victims whose money was laundered by QQAAZZ included a synagogue in Brooklyn, a Michigan-based auto-parts manufacturer and an architecture firm in Miami, according to a U.S. Department of Justice release.