QQAAZZ is believed to have laundered tens of millions of stolen Euros through a variety of corporate and personal bank accounts.
“The QQAAZZ members secured these bank accounts by using both legitimate and fraudulent Polish and Bulgarian identification documents to create and register dozens of shell companies which conducted no legitimate business activity,” Europol said.
The group then advertised itself as a “global, complicit bank drops service” on Russian sites frequented by cybercriminals, where some of the worlds most notable cybercriminal families, like Dridex, Trickbot and GozNym, acquired their services.
Law enforcement agencies of 16 countries were involved in the operation, during which “some 40 house searches were carried out in Latvia, Bulgaria, the United Kingdom, Spain and Italy.”
However, the focus was on Latvia, where the bulk of the searches took place.
The United States, Portugal, the United Kingdom and Spain initiated criminal proceedings against those arrested, according to Europol.
“Cybercriminals are constantly exploring new possibilities to abuse technology and financial frameworks to victimise millions of users in a moment from anywhere in the world,” said Edvardas Šileris, head of Europol’s European Cybercrime Centre.
Cybercrime has been a particular threat amidst the global COVID-19 pandemic. The new world of widespread remote working has opened up novel vulnerabilities and therefore possibilities for malware and ransomware attacks as criminals, like much of the rest of the world, are also working from home.