QQAAZZ Money Laundering Operation for Malware Attacks Charged by DOJ
The US Department of Justice (DOJ) in the Western District of Pennsylvania indicted fourteen members of a transnational criminal organization known as QQAAZZ. The money-laundering operation worked for cybercriminals to move money stolen from victims of computer fraud in the United States and abroad. Investigators at the DOJ worked with Europol and police organizations in Portugal, Spain, the United Kingdom, Latvia, Bulgaria, Georgia, Italy, Switzerland, Poland, Czech Republic, Australia, Sweden, Austria, Germany, and Belgium.
The alleged criminals are also facing criminal charges in Portugal, Spain, and the United Kingdom.
According to the DOJ indictment, QQAAZZ advertised its services as a “global, complicit bank drops service” on Russian cybercriminal online forums. Its customers are those responsible for cyberattacks using malware like Dridex, Trickbot, GozNym, and more.
An extensive bitcoin mining operation was also seized in Bulgaria.
“For the past several years, law enforcement from 16 countries has been conducting coordinated investigations of this criminal gang, and now parallel prosecutions will commence in the United States, Portugal, United Kingdom, and Spain,” said U.S. Attorney Scott W. Brady for the DOJ Western District of Pennsylvania.
In each case, the criminals compromised the victim’s network and took over their business banking accounts. They then transferred money to QQAAZZ-controlled accounts opened in the names of shell corporations. The criminals moved funds among other accounts to hide the trail of stolen money. They also used tumbling services to convert hard currency to cryptocurrency.
QQAAZZ charges fees of 40 to 50% for its money-laundering services.
US-based victims of QQAAZZ include:
An unnamed bank based in Pittsburgh, Pennsylvania was among the companies victimized by the cyber money-launderers.
“Cybercriminals are constantly exploring new possibilities to abuse technology and financial frameworks to victimize millions of users in a moment from anywhere in the world,” said Fernando Ruiz, Head of Europol’s European Cybercrime Centre.
The indicted criminals are from Latvia, Georgia, Bulgaria, Romania, and Belgium, as well as other countries. In October 2019, the DOJ previously charged five other Latvian nationals for their role in QQAAZZ operations.