One alleged Dridex money-launderer set for US extradition, beams UK's National Crime Agency

They nicked six alleged perps last year but only one was charged


Britain’s National Crime Agency arrested six men in London on suspicion of laundering “tens of millions” for the Trickbot and Dridex banking malware gangs, the not-quite-police agency declared today.

The six, a mixture of British and Eastern European citizens, were arrested around a year ago, said the NCA as EU police agency Europol jointly boasted of a further 14 arrests in the political bloc, the US and Australia.

One, 32-year-old Arturs Zaharevics, is awaiting extradition to the US to stand trial on charges there. The other five have been released.

The public announcement comes days after Microsoft used US trademark law to target Trickbot’s command-and-control (C2) infrastructure, and a week after the US Cyber Command, a military organisation, did a similar thing using its offensive cyber capabilities.

“The crime group is believed to have laundered the money through numerous corporate and personal bank accounts, which they had opened with financial institutions throughout the world. It was often converted into cryptocurrency to hide its original source,” said the NCA, as it labelled the gang the "QQAAZZ" network. “After taking a fee, the network transferred the balance back to the cyber criminals who were responsible for stealing it.”

NCA officers seized mobile phones, computers, suspected false IDs and financial documents in searches across eleven properties and four vehicles, the agency claimed in a statement.

The arrests are part of the same case as that against alleged Russian criminal Maksim Boiko, who reportedly pleaded not guilty earlier this year to similar charges of money laundering.

QQAAZZ allegedly “advertised its services on Russian-speaking online cybercrime forums” where it found common cause with the malware's operators.

Trickbot has been labelled by the NCA as “one of the primary causes of fraud related losses to the UK banking sector”, with one UK bank reporting losses attributable to Trickbot worth over £2m in a 12-month period.

Richard Winstanley from the NCA’s National Cyber Crime Unit said in a statement: “Financially motivated cyber criminals rely heavily on the services of money launderers like the QQAAZZ network to access the funds stolen from victims. Targeting such networks is just one of the ways the NCA works to cause disruption to the organised cyber criminals who have the most significant impact on the UK.”

He added that the NCA investigation into UK-based members of QQAAZZ “remains ongoing.”

Two Russians also indicted by the American authorities in December 2019 over the Dridex malware remain residents of that country. ®

Similar topics

Broader topics


Other stories you might like

  • The ‘substantial contributions’ Intel has promised to boost RISC-V adoption
    With the benefit of maybe revitalizing the x86 giant’s foundry business

    Analysis Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption.

    In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.

    While Intel invested in RISC-V chip designer SiFive in 2018, the semiconductor titan's intentions with RISC-V evolved last year when it revealed that the contract manufacturing business key to its comeback, Intel Foundry Services, would be willing to make chips compatible with x86, Arm, and RISC-V ISAs. The chipmaker then announced in February it joined RISC-V International, the ISA's governing body, and launched a $1 billion innovation fund that will support chip designers, including those making RISC-V components.

    Continue reading
  • FBI warns of North Korean cyberspies posing as foreign IT workers
    Looking for tech talent? Kim Jong-un's friendly freelancers, at your service

    Pay close attention to that resume before offering that work contract.

    The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits.

    In guidance [PDF] issued this week, the Feds warned that these techies often use fake IDs and other documents to pose as non-North-Korean nationals to gain freelance employment in North America, Europe, and east Asia. Additionally, North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

    Continue reading
  • Elon Musk says Twitter buy 'cannot move forward' until spam stats spat settled
    A stunning surprise to no one in this Solar System

    Elon Musk said his bid to acquire and privatize Twitter "cannot move forward" until the social network proves its claim that fake bot accounts make up less than five per cent of all users.

    The world's richest meme lord formally launched efforts to take over Twitter last month after buying a 9.2 per cent stake in the biz. He declined an offer to join the board of directors, only to return asking if he could buy the social media platform outright at $54.20 per share. Twitter's board resisted Musk's plans at first, installing a "poison pill" to hamper a hostile takeover before accepting the deal, worth over $44 billion.

    But then it appears Musk spotted something in Twitter's latest filing to America's financial watchdog, the SEC. The paperwork asserted that "fewer than five percent" of Twitter's monetizable daily active users (mDAUs) in the first quarter of 2022 were fake or spammer accounts, which Musk objected to: he felt that figure should be a lot higher. He had earlier proclaimed that ridding Twitter of spam bots was a priority for him, post-takeover.

    Continue reading

Biting the hand that feeds IT © 1998–2022