An unprecedented international law enforcement operation involving 16 countries, among them Bulgaria, has resulted in the arrest of 20 individuals suspected of belonging to the QQAAZZ criminal network, which attempted to launder tens of millions of euro on behalf of the world’s foremost cybercriminals, European police co-operation agency Europol said on October 15.
About 40 house searches were carried out in Latvia, Bulgaria, the United Kingdom, Spain and Italy, with criminal proceedings initiated against those arrested by the United States, Portugal, the UK and Spain.
The largest number of searches in the case were carried out in Latvia in operations led by the Latvian State Police.
Bitcoin mining equipment was also seized in Bulgaria, Europol said.
This international sweep follows a complex investigation led by the Portuguese Judicial Police (Polícia Judiciária) together with the United States Attorney’s Office for the Western District of Pennsylvania and the FBI’s Pittsburgh Field Office, alongside the Spanish National Police (Policía Nacional), the regional Catalan police (Mossos d’Esquadra), and law enforcement authorities from the UK, Latvia, Bulgaria, Georgia, Italy, Germany, Switzerland, Poland, the Czech Republic, Australia, Sweden, Austria and Belgium, with coordination efforts led by Europol.
Criminal indictments returned by federal grand juries in Pittsburgh, US, set forth allegations of how this criminal network operated.
It is estimated that the QQAAZZ network laundered, or attempted to launder, tens of millions of euro in stolen funds since 2016.
Made up of several layers of members, mainly from Latvia, Georgia, Bulgaria, Romania, and Belgium, the QQAAZZ network opened and maintained hundreds of corporate and personal bank accounts at financial institutions throughout the world to receive money that cybercriminals had stolen from victims’ accounts, Europol said.
The funds were then transferred to other QQAAZZ-controlled bank accounts and sometimes converted to cryptocurrency using ‘tumbling’ services designed to hide the original source of the funds.
After taking a fee of up to 50 per cent, QQAAZZ returned the balance of the stolen funds to their cybercriminal clientele.
The QQAAZZ members secured these bank accounts by using both legitimate and fraudulent Polish and Bulgarian identification documents to create and register dozens of shell companies which conducted no legitimate business activity, the police agency said.
Using these registration documents, the QQAAZZ members then opened corporate bank accounts in the names of the shell companies at numerous financial institutions within each country, thereby generating hundreds of QQAAZZ-controlled bank accounts available to receive stolen funds from cyber thieves.
QQAAZZ advertised its services as a “global, complicit bank drops service” on Russian-speaking online cybercriminal forums where cybercriminals gather to offer or seek specialised skills or services needed to engage in a variety of cybercriminal activities.
The criminal gangs behind some of the world’s most harmful malware families (for example, Dridex, Trickbot, GozNym) feature among those having benefited from the services provided by QQAAZZ, Europol said.