One alleged Dridex money-launderer set for US extradition, beams UK's National Crime Agency

Britain’s National Crime Agency arrested six men in London on suspicion of laundering “tens of millions” for the Trickbot and Dridex banking malware gangs, the not-quite-police agency declared today.

The six, a mixture of British and Eastern European citizens, were arrested around a year ago, said the NCA as EU police agency Europol jointly boasted of a further 14 arrests in the political bloc, the US and Australia.

One, 32-year-old Arturs Zaharevics, is awaiting extradition to the US to stand trial on charges there. The other five have been released.

The public announcement comes days after Microsoft used US trademark law to target Trickbot’s command-and-control (C2) infrastructure, and a week after the US Cyber Command, a military organisation, did a similar thing using its offensive cyber capabilities.

“The crime group is believed to have laundered the money through numerous corporate and personal bank accounts, which they had opened with financial institutions throughout the world. It was often converted into cryptocurrency to hide its original source,” said the NCA, as it labelled the gang the "QQAAZZ" network. “After taking a fee, the network transferred the balance back to the cyber criminals who were responsible for stealing it.”

NCA officers seized mobile phones, computers, suspected false IDs and financial documents in searches across eleven properties and four vehicles, the agency claimed in a statement.

The arrests are part of the same case as that against alleged Russian criminal Maksim Boiko, who reportedly pleaded not guilty earlier this year to similar charges of money laundering.

QQAAZZ allegedly “advertised its services on Russian-speaking online cybercrime forums” where it found common cause with the malware's operators.

Trickbot has been labelled by the NCA as “one of the primary causes of fraud related losses to the UK banking sector”, with one UK bank reporting losses attributable to Trickbot worth over £2m in a 12-month period.

Richard Winstanley from the NCA’s National Cyber Crime Unit said in a statement: “Financially motivated cyber criminals rely heavily on the services of money launderers like the QQAAZZ network to access the funds stolen from victims. Targeting such networks is just one of the ways the NCA works to cause disruption to the organised cyber criminals who have the most significant impact on the UK.”

He added that the NCA investigation into UK-based members of QQAAZZ “remains ongoing.”

Two Russians also indicted by the American authorities in December 2019 over the Dridex malware remain residents of that country. ®