The news came via the United States Department of Justice, which said in an October 15 release that raids across the globe had targeted a multi-million money-laundering operation by a group dubbed "QQAAZZ", which had strong links to Latvia.
"Fourteen members of the transnational criminal organization, QQAAZZ, were charged by a federal grand jury in the Western District of Pennsylvania in an indictment unsealed today. A related indictment unsealed in October 2019 charged five members of QQAAZZ. One additional conspirator, a Russian national, was arrested by criminal complaint in late March 2020 while visiting the United States, bringing the total number of charged defendants to 20. Acting Assistant Attorney General Brian C. Rabbitt of the U.S. Department of Justice’s Criminal Division and U.S. Attorney Scott W. Brady for the Western District of Pennsylvania, made the announcement today," the release said.
"The QQAAZZ members, acting in concert with cybercriminals across the world, are accused of conspiring to launder money stolen from victims of computer fraud in the United States and elsewhere. More than 40 house searches were conducted in Latvia, Bulgaria, the United Kingdom, Spain and Italy, with criminal prosecutions initiated in the United States, Portugal, Spain and the United Kingdom."
The largest number of searches and arrests were carried out in Latvia by the Latvian State Police (Latvijas Valsts Policija), and an extensive bitcoin mining operation associated with the group was seized in Bulgaria.
“This was an extensive investigation that had implications around the world,” said FBI Pittsburgh Special Agent in Charge Michael Christman. “Partnerships are essential, as no one agency can combat cybercrime alone. This case highlights the FBI’s strategy to target and dismantle the most significant cybercriminal enterprises through a global task force approach. I can assure everyone that the FBI and our partners will continue to work tirelessly to combat these cyber threats.”
“This is the first operation of its kind to involve so many searches and arrests in several countries at the same time. The key was to act at the same time, as the members of the organized crime group were communicating with each other, and we could not allow information to leak between them and all electronic evidence to be erased,” said Dmitrijs Homenko, head of the Latvian State Police's Cybercrime Unit.
The indictment alleges that the QQAAZZ network laundered, or attempted to launder, tens of millions of dollars’ worth of stolen funds from victims of cybercrimes since 2016.
Comprised of several layers of members from Latvia, Georgia, Bulgaria, Romania, and Belgium, among other countries, the QQAAZZ network opened and maintained hundreds of corporate and personal bank accounts at financial institutions throughout the world to receive money from cybercriminals who stole it from bank accounts of victims. The funds were then transferred to other QQAAZZ-controlled bank accounts and sometimes converted to cryptocurrency using “tumbling” services designed to hide the original source of the funds. After taking a fee of up to 40 to 50 percent, QQAAZZ returned the balance of the stolen funds to their cybercriminal clientele, it is alleged.
The QQAAZZ members secured these bank accounts by using both legitimate and fraudulent Polish and Bulgarian identification documents to create and register dozens of shell companies which conducted no legitimate business activity. Using these registration documents, the QQAAZZ members then opened corporate bank accounts in the names of the shell companies at numerous financial institutions around the world, thereby generating hundreds of QQAAZZ-controlled bank accounts available to receive stolen funds from cyber thieves, the US authorities believe.
QQAAZZ advertised its services as a “global, complicit bank drops service” on Russian-speaking online cybercriminal forums where cybercriminals gather to offer or seek specialized skills or services needed to engage in a variety of cybercriminal activities. The criminal gangs behind some of the world’s most harmful malware families (e.g., Dridex, Trickbot, GozNym) are among those cybercriminal groups that benefited from the services provided by QQAAZZ.
Of the 14 defendants named in the indictment unsealed October 15, half are Latvian residents:
- Nika Nazarovi, aka “Nika Utiashvili,” aka “Mihail Atansov,” aka “Stefan Trifonov Zhelyazkov,” 32, of Georgia;
- Martins Ignatjevs, aka “Yordan Angelov Stoyanov,” aka “Aleksander Tihomirov,” aka “Svetlin Iliyanov Asenov,” 33, of Latvia;
- Aleksandre Kobiashvili, aka “Antonios Nastas,” aka “Ognyan Krasimirov Trifonov,” 32, of Georgia;
- Dmitrijs Kuzminovs, aka “Parush Gospodinov Genchev,” 35, of Latvia;
- Valentins Sevecs, aka “Marek Jaswilko,” aka “Rafal Szczytko,” 32, of Latvia;
- Dmitrijs Slapins, 35, of Latvia;
- Armens Vecels, 24, of Latvia;
- Artiom Capacli, 31, of Bulgaria;
- Ion Cebanu, 26, of Romania;
- Tomass Trescinkas, 25, of Latvia;
- Ruslans Sarapovs, 19, of Latvia;
- Silvestrs Tamenieks, 21, of Latvia;
- Abdelhak Hamdaoui, 48, of Belgium; and
- Petar Iliev, 37, of Bulgaria.
Of the five defendants charged in the indictment unsealed in October 2019, all are Latvian residents:
- Aleksejs Trofimovics, aka “Aleksejs Trofimovich,” aka “Alexey Trofimovich,” aka “Aleko Stoyanov Angelov,” 24, of Latvia;
- Ruslans Nikitenko, aka “Krzysztof Wojciech Lewko,” aka “Milen Nikolchev Nikolov,” aka “Rafal Zimnoch,” 41, of Latvia;
- Arturs Zaharevics, aka “Piotr Ginelli,” aka “Arkadiusz Szuberski,” 33, of Latvia;
- Deniss Ruseckis, aka “Denis Rusetsky,” aka “Sevdelin Sevdalinov Atanasov,” 24, of Latvia; and
- Deinis Gorenko, 25, of Latvia.
The Russian national charged by criminal complaint and arrested in late March 2020 while visiting the United States is Maksim Boiko, aka “Maxim Boyko” aka “gangass,” 30, of Russia.
The U.S. victims who had funds stolen, or attempted to be stolen, from their online bank accounts (including from banks headquartered in Pittsburgh, Pennsylvania) and destined for QQAAZZ-controlled bank accounts overseas include a Jewish Orthodox Synagogue in Brooklyn, New York, a medical device manufacturer in Pennsylvania, an architecture firm in Miami, Florida and various other businesses.
An indictment is an accusation. A defendant is presumed innocent unless and until proven guilty.