Indictments that have been unsealed showed that 20 members of the QQAAZZ money laundering group were arrested in Latvia, Bulgaria, the United Kingdom, Spain, and Italy. The operations, dubbed 2BaGoldMule, included the work of 16 countries. The criminal group is believed to be responsible for laundering tens of millions of dollars for cybercrime groups including Trickbot, Dridex, and GozNym. The group used fraudulent bank accounts they had set up around the world from money mules to launder the money and allow cashouts to occur. The group would keep part of the money they laundered—sometimes up to 50% of the total amount. An extensive Bitcoin mining operation ran by the group was also seized by police in Bulgaria. The group advertised their services on Russian speaking forums and communicated with their clients through instant messaging. QQAAZZ’s members incorporated dozens of shell corporations that they had bank accounts set up for, allowing them to launder the money easily. The group also ran a service known as “Bitcoin Tumbling” to clean bitcoin that was paid out to the actors before it was withdrawn.
Analyst Notes
Groups such as QQAAZZ are offering services to criminal organizations around the world. The operation that was uncovered shows that through international law enforcement cooperation, these criminals can be identified and taken down. Many U.S. based organizations were identified in the operations of QQAAZZ, but the total magnitude of their operations has still not been released. Though this group has been taken down, others offer the same services, and this will force threat actors to find a new group to launder their money.
More can be read here: https://www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/
