The National Crime Agency (NCA) of the United Kingdom recently unveiled its most complex investigation yet, known as Operation Destabilise. This investigation, which spanned nearly four years, involved a significant portion of the agency’s staff. What made this operation unique was the revelation of a complete financial connection between street-level drug dealing and multi-billion dollar money-laundering activities that support criminal operations globally. Through interviews with NCA investigators, the story of how tracing ransomware funds led to the exposure of a vast Russian-speaking money-laundering network used by drug traffickers, cybercriminals, Moscow elites, and even Kremlin espionage operations unfolded.
The investigation kicked off in 2021, following ransomware attacks on Colonial Pipeline and Kaseya that highlighted the severity of the threat. The NCA’s cyber team delved into blockchain analysis to track payments linked to the Ryuk ransomware group, eventually exposing connections to Conti and Trickbot. The sheer volume of funds unearthed through blockchain analysis exceeded expectations, leading to the identification of billions of dollars being laundered through Russian businesses Smart and TGR Group. Ekatarina Zhdanova and George Rossi emerged as key figures within this intricate money-laundering scheme.
The breakthrough came in November 2021 with the arrest of Fawad Saiedi, a suspected criminal cash courier found with £250,000 in his possession. This arrest unveiled Saiedi’s laundering activities amounting to over £15 million, implicating Zhdanova in a cash-for-crypto scheme. Further investigations connected Zhdanova to a network of cash couriers managed by Nikita Krasnov, who facilitated transfers for various criminal groups.
As the investigation progressed, the NCA intercepted multiple cash swaps, revealing extensive networks facilitating the exchange of cash for cryptocurrency. The agency observed the movement of funds to international criminal enterprises, particularly South American drug cartels. The complexity of the operation required the consolidation of intelligence from various sources to map out and dismantle the criminal networks effectively.
The investigation also unveiled connections between the money laundering networks and Russian elites engaged in property purchases in the West, funding for media organizations like RT, and even espionage activities. While certain aspects fell outside the NCA’s jurisdiction, the agency continued its probe into the criminal networks, uncovering the vast web of illicit financial activities spanning across jurisdictions and industries.
The multi-faceted nature of Operation Destabilise highlighted the NCA’s ability to tackle complex transnational criminal operations effectively. By leveraging diverse expertise and resources, the agency successfully dismantled intricate money-laundering networks that supported various criminal enterprises from street-level drug dealing to international espionage. The investigation served as a testament to the NCA’s capability to address sophisticated criminal activities on a global scale.