US authorities said the group has been active since 2016 and operated by advertising its services on Russian-speaking hacker forums.
There, the group established connections with some of today's largest malware operations, including the likes of operators of malware botnets like Dridex, Trickbot, and GozNym.
According to the DOJ, QQAAZZ members operated a large network of bank accounts and money mules that allowed malware gangs to funnel money from hacked accounts to new, clean destinations.
QQAAZZ members were organized on a business-like hierarchy. Leaders would handle customer communications, mid-level managers recruited money mules, and money mules opened bank accounts and picked up money from ATMs, when needed.
US officials said the group managed a huge network of bank accounts around the world using fake identities and shell companies.
These accounts would serve as landing spots for funds received from hacks, malware infections, and other cybercrime operations. The money would travel through the QQAAZZ accounts and get converted into cryptocurrency.
In a digital form, the cryptocurrency would then be passed through a "tumbling" service to anonymize transactions even more, and then the funds would be returned back to the cybercrime groups, with QQAAZZ operators retaining a cut varying from 40% to 50% for their efforts.
US authorities said that while charges were filed in the US, this was an international crackdown against the QQAAZZ group, and other criminal prosecutions were initiated in other countries, such as Portugal, Spain, and the US.
Sixteen countries were involved in an international operation against QQAAZZ, which Europol named "Operation 2BaGoldMule."
As part of this crackdown, Europol said participant countries carried out more than 40 house searches across Latvia, Bulgaria, the United Kingdom, Spain and Italy, and made 20 arrests.