Operation Destabilise- A UK billion-dollar money laundering network bought a bank in Kyrgyzstan

According to the National Crime Agency (NCA), A billion-dollar money laundering network active in the UK purchased a bank in the Central Asian state of Kyrgyzstan to

• Facilitate the washing of profits from cybercrime and other criminal activity, and
• Convert it into cryptocurrency that was used to evade sanctions on Russia in support of the Putin regime’s war on Ukraine,

So-called cash-to-crypto swaps are a core part of the global criminal ecosystem.

In 2024, the NCA and its European and North American partners came down hard on two full-service Russian-run money-laundering networks as part of an ongoing series of actions dubbed Operation Destabilise.

• TGR and Smart, which washed money on behalf of multiple ransomware crews, including the likes of Evil Corp, Conti and Ryuk,

In the past 12 months, Operation Destabilise has arrested 45 suspected money launderers and seized £5.1m in cash.

• Since its inception, 128 arrests and over £25m have been seized in cash and crypto assets in the UK, plus millions more abroad.

NCA deputy director for economic crime, Sal Melki. SAID

• “Today, we can reveal the sheer scale at which these networks operate and draw a line between crimes in our communities, sophisticated organised criminals and state-sponsored activity,” said
• “The networks disrupted through Destabilise operate at all levels of international money laundering, from collecting the street cash from drug deals, through to purchasing banks and enabling global sanctions breaches.”

The connection into Kyrgyzstan, a former Soviet state sandwiched between Kazakhstan and China, was uncovered in August,

• When a company linked to TGR ringleader George Rossi, Altair Holding SA, was sanctioned in the UK as part of a crackdown on known Russian efforts to circumvent Western sanctions by exploiting the Kyrgyz financial system.

It can now be revealed.

• Altair bought a 75% stake in Kyrgyzstan-based Keremet Bank on 25 December 2024.
• The NCA has subsequently found that Keremet facilitated extensive cross-border payments on behalf of state-owned Promsvyazbank.
• Promsvyazbank, which was nationalised by the Russian government in 2018, was also sanctioned by the US and UK following the invasion of Ukraine and has been accused of links to Russian attempts to rig elections in Moldova through the populist, pro-Russian politician and oligarch Ilon Shor, who also orchestrated the theft of over $1bn from the country’s banking system in 2014.
• Shor’s A7 company at one time collaborated with Promsvyazbank on the launch of a rouble-backed cryptocurrency stablecoin, A7A5, and networks linked to the firm have likely been designed to allow cross-border payments to circumvent sanctions in support of Russia’s military-industrial complex, said the NCA.

Beyond ransomware

• It was cybercrime, specifically the network’s links to Evil Corp and bitcoin payments made by its victims, that first led the NCA and its partners to the activity, when they spotted the profits of ransomware attacks going into an individual crypto exchange account that was linked to UK-based money launderers it had already identified.
• However, the activities of TGR and Smart extend into other areas of organised criminality across the UK, including the drugs and firearms trade and immigration fraud.
• The NCA would not, however, be drawn at this stage on any involvement in its other investigations into cyber criminal activity or any of the major cyber-attacks that have unfolded this year in the UK.
• Besides funnelling these funds into propping up Russia’s war on Ukraine – the agency described a “clear thread” between small-time Friday night cocaine deals in UK bars and clubs to Russian missile strikes on Ukrainian civilians – the network also made money available to wealthy Russians living in the West as a concierge service. It even incorporated some of it back into the UK banking system through traditionally cash-rich businesses, such as small building firms.
• The identified and arrested individuals linked to money laundered through the network include two Russian nationals who bought cars and vans in the UK, shipped them to Ukraine and sold them to the Ukrainian government, which was unaware it was funding its enemy’s war effort.

Operation Destabilise also ensnared many Brits,

• Such as Scottish footballer James Keatings, who investigators witnessed transferring boxes of cash from a van during a June 2024 handover of almost £400,000.
• Keatings, a former member of Celtic’s youth development programme who went on to play for both Heart of Midlothian and Hibernian during his career, was jailed for 13 months earlier this year after he admitted possessing and transferring criminal property at Falkirk Sheriff Court.
• Like Keatings, many of the network’s UK operatives were mules tasked by the network’s “managers” with driving all over the country to pick up cash from lower-level criminals.

SOURCE

https://www.computerweekly.com/news/366634571/Russian-money-launderers-bought-a-bank-to-disguise-ransomware-profit