US charges QQAAZZ group for laundering money for malware gangs

Among the QQAAZZ group's clients were famous malware groups like Dridex, Trickbot, and GozNym.
Written by Catalin Cimpanu, Contributor

The US Department of Justice today unsealed charges against 14 members of an international money laundering group known as QQAAZZ.

US authorities said the group has been active since 2016 and operated by advertising its services on Russian-speaking hacker forums.

There, the group established connections with some of today's largest malware operations, including the operators of malware botnets like Dridex, Trickbot, and GozNym.

According to the DOJ, QQAAZZ members operated a large network of bank accounts and money mules that allowed malware gangs to funnel money from hacked accounts to new, clean destinations.

QQAAZZ members were organized in a business-like hierarchy. Leaders handled customer communications, mid-level managers recruited money mules, and money mules opened bank accounts and picked up money from ATMs when needed.

US officials said the group managed a huge network of bank accounts around the world using fake identities and shell companies.

These accounts would serve as landing spots for funds received from hacks, malware infections, and other cybercrime operations. The money would travel through the QQAAZZ accounts and get converted into cryptocurrency.

Once in digital form, the cryptocurrency would be passed through a "tumbling" service to further anonymize the transactions, and the funds would then be returned to the cybercrime groups, with QQAAZZ operators retaining a cut varying from 40% to 50% for their efforts.

20 arrests made in a transnational operation

Besides the 14 suspects charged today [indictment PDF], the DOJ said it also charged five others in October 2019 [indictment PDF].

US authorities said that while charges were filed in the US, this was an international crackdown against the QQAAZZ group, and other criminal prosecutions were initiated in other countries, such as Portugal, Spain, and the US.

Sixteen countries were involved in an international operation against QQAAZZ, which Europol named "Operation 2BaGoldMule."

As part of this crackdown, Europol said participant countries carried out more than 40 house searches across Latvia, Bulgaria, the United Kingdom, Spain and Italy, and made 20 arrests.
