Indictments that have been unsealed showed that 20 members of the QQAAZZ money laundering group were arrested in Latvia, Bulgaria, the United Kingdom, Spain, and Italy. The operations, dubbed 2BaGoldMule, included the work of 16 countries. The criminal group is believed to be responsible for laundering tens of millions of dollars for cybercrime groups including Trickbot, Dridex, and GozNym. The group used fraudulent bank accounts they had set up around the world from money mules to launder the money and allow cashouts to occur. The group would keep part of the money they laundered—sometimes up to 50% of the total amount. An extensive Bitcoin mining operation ran by the group was also seized by police in Bulgaria. The group advertised their services on Russian speaking forums and communicated with their clients through instant messaging. QQAAZZ’s members incorporated dozens of shell corporations that they had bank accounts set up for, allowing them to launder the money easily. The group also ran a service known as “Bitcoin Tumbling” to clean bitcoin that was paid out to the actors before it was withdrawn.