The Business of Fraud: Laundering Funds in the Criminal Underground
Get Trending Threat Insights with Cyber Daily Subscribe Today

The Business of Fraud: Laundering Funds in the Criminal Underground

September 28, 2021 • Insikt Group®

Insikt Group

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

Recorded Future analyzed current data from the Recorded Future® Platform, dark web, and open-source intelligence (OSINT) sources to review money laundering services within underground sourcing and the methodology and operations used by threat actors. This report expands upon findings addressed in the first report of the Insikt Group’s Fraud Series, “The Business of Fraud: An Overview of How Cybercrime Gets Monetized

Executive Summary

Money laundering services within the dark web facilitate a combination of activities through which threat actors can conceal the origins of their money, transfer cryptocurrency, have funds sent to a bank account or payment cards, or exchange to physical cash via online payment solution platforms like WebMoney or PerfectMoney. Many of these services are linked to the use of cryptocurrency and rely on other mixing services to tumble funds and help threat actors remain anonymous when transferring them. Peer-to-peer (P2P) transactions are a convenient alternative to traditional financial platforms, with support for platforms such as Venmo being touted as key features within popular underground services. 

Key Judgments

  • Dark web money laundering services facilitate a multitude of combinations through which threat actors can clean their money and can transfer cryptocurrency into virtual currency, have funds sent to a bank account or payment cards, or exchange to physical fiat currency. 
  • Money laundering services referenced within underground sources over the past year have consistently relied on money mules, cash-out requests, exchangers, or mixers to succeed.
  • Despite a high volume of arrests and takedowns of money laundering services or services that support laundering activity over the past year, underground actors generally appear disinclined to cease laundering operations they likely continue to deem profitable.
  • Cybercriminals are likely to adopt new technologies such as NFTs and other laundering techniques in response to law enforcement action and growing private sector awareness of their activities.
  • Ransomware operators likely use the multitude of dark web money laundering services operated by threat actors on well-known cybercrime forums such as Verified. Bitcoin is likely to continue to be the most widely used cryptocurrency in ransomware and laundering operations. 

Editor’s Note: This post was an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

New call-to-action

Related Posts

Shining a Light on RedLine Stealer Malware and Identity Data Found in Criminal Shops

Shining a Light on RedLine Stealer Malware and Identity Data Found in Criminal Shops

October 14, 2021 • Ellen Wilson

As threat actors continue to expand their attack surface - with cloud systems and supply chain...

Illegal Activities Endure on China’s Dark Web Despite Strict Internet Control

Illegal Activities Endure on China’s Dark Web Despite Strict Internet Control

October 5, 2021 • Insikt Group®

Editor’s Note: The following post is an excerpt of a full report To read the entire analysis,...

4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan

4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan

September 28, 2021 • Insikt Group®

Insikt Group has detected separate intrusion activity targeting a mail server of Roshan, one of...