October is the month of Cybersecurity awareness, initiated by the European Union in order to promote cybersecurity among EU citizens. Read our CISO Johan Landströms text about QQAAZZ and get an insight to the world of cyber laundry specialists.
The fall of the organised money laundering organisation QQAAZZ gives insight into an essential part of the cybercrime ecosystem, the professional cyber launderers. QQAAZZ offered a professional money laundering service to organised cybercrime groups. Among them are the gangs that created some of the most damaging malware families i.e. Dridex, Trickbot, GozNym and many more.
QQAAZZ where active between 2016-2019 and was shut down in an international law enforcement operation during October 2020. The court case is still updating and as of august two defendants plead guilty for the role in the money laundering organisation.
The modus operandi shares a similar setup as other, more traditional, money laundering networks. They used shell companies created in multiple European countries using both true and untrue documents for their incorporation with hundreds of connecting business account to be able to receive payments from victims. The layering process involved transacting between the shell companies/corporate accounts. They also converted victim payments into cryptocurrencies, layering them through an online tumbler/mixing services (A virtual currency money laundering service) to break the payment trail before returning them to the criminals. QQAAZZ also had an extensive money mule network that aided in cash outs and transferring “clean” money to the criminals. The fee for the service was between 40-50%, and QQAAZZ laundered tens of millions of Euros on behalf of cybercriminals.
Besides using cryptocurrencies, a customer base in the cybercrime ecosystem, and online market ads on cybercrime forums the business model was structured with a lot of similarities to a classic money laundering network.
The QQAAZZ pyramid structure
The cyber laundry specialists of QQAAZZ had a pyramid structure with a leader, middle men and money mules. The organisation had several shell companies with hundreds of corporate accounts that could receive money from victims and additional possibilities to convert money into crypto currencies and trough a mixing service return the funds back to the cyber criminal. QQAAZZ fee for their service was between 40-50% of the sum.