
Russia-linked crooks bought a bank for Christmas to launder cyber loot

(2025/11/21)


On Christmas Day 2024, a Russian-linked laundering network bought itself a very special present: a controlling stake in a Kyrgyzstan bank, later used to wash cybercrime profits and funnel money into Moscow's war machine, [1]according to the UK's National Crime Agency (NCA).

The network, exposed through the NCA's long-running Operation Destabilise, has been sucking up dirty cash across at least 28 UK towns and cities, converting it into cryptocurrency, and using that crypto to move funds through a bank it quietly acquired in Kyrgyzstan. That bank, Keremet, was later identified as facilitating cross-border payments for Promsvyazbank, the Russian state-owned lender that bankrolls companies in the military-industrial base.

For a fee, couriers working the UK end of the network collect cash from drugs, firearms, and immigration crime, then hand it to operators who push it through "cash-to-crypto" swaps. The NCA says those swaps sit at the heart of a global ecosystem that links street-level offending to sanctions evasion, Russian state activity, and cybercrime.


Intelligence from Operation Destabilise has already helped overseas partners seize $24 million and more than €2.6 million (c $3 million), while UK seizures of cash and cryptocurrency now exceed £25 million ($32 million).


Sal Melki, deputy director for economic crime, said investigators can now "draw a line between crimes in our communities, sophisticated organised criminals, and state-sponsored activity," adding that the network "operates at all levels of international money laundering, from collecting the street cash from drug deals, through to purchasing banks and enabling global sanctions breaches."

At the center of the laundering machinery sit two networks: Smart and TGR. Both were previously unmasked by the NCA in 2024 and were already known to launder money for cybercrime crews, drug traffickers, and firearms smugglers. According to the NCA, Smart is run by Ekaterina Zhdanova, allegedly alongside Khadzi-Murat Magomedov and Nikita Krasnov. It claims TGR is headed by George Rossi, with deputies Elena Chirkinyan and Andrejs Bradens. All six senior figures have been sanctioned by the US Treasury's Office of Foreign Assets Control, and Zhdanova is currently in pre-trial detention in France.


That bank purchase wasn't just financial theater, according to the agency. The NCA says Altair Holding SA – a company linked to TGR boss Rossi – bought a 75 percent stake in Keremet Bank on December 25, 2024. Keremet was then used to route payments for Promsvyazbank and companies supplying Russia's military sector. Also circling the scheme was Ilan Shor, a Russian-Moldovan oligarch involved in a string of sanctions-busting payment platforms, including A7, which launched a rouble-backed crypto token designed to enable cross-border transfers beyond the reach of Western restrictions.

The NCA says Smart's operators even worked with individuals linked to Russian intelligence services, including a UK-based Bulgarian group led by Orlin Roussev, later convicted of spying across Europe on Moscow's behalf. The networks also helped Russian clients illegally move money into the UK to invest, threatening what the agency calls the "integrity of our economy."

[6]Russian spies pack custom malware into hidden VMs on Windows machines

[7]Russia finally bites the cybercrooks it raised, arresting suspected Meduza infostealer devs

[8]Cyber exec with lavish lifestyle charged with selling secrets to Russia

[9]Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack

Despite the scale, much of the scheme rests on low-paid couriers driving around Britain collecting envelopes of notes. The NCA has launched a campaign targeting those couriers directly. Melki said they are "paid very little for the risks they take" and could face years behind bars.

Several have already found out the hard way. In April, two men were jailed for laundering £6 million by exploiting the Russia-Ukraine war to justify moving criminal funds, with one later found to have bought a £1 million house using the proceeds. Another courier, caught with more than £750,000 in his home and car, was jailed for three years after admitting to criss-crossing the UK delivering bags of cash into the laundering pipeline.

The NCA says its crackdown has rattled Russia-linked networks in London, where commission rates for laundering spiked in 2024 as gangs realized operating in the capital had become "significantly restricted." With more than 120 arrests and growing cooperation from international partners including the DEA, OFAC, FBI, Secret Service, and multiple EU police forces, the agency says it has already made a "significant" dent in the system – but warns that similar networks remain active.


Or as Melki puts it: the walls are closing in – and the money men know it. ®




[1] https://www.nationalcrimeagency.gov.uk/news/operation-destabilise-nca-exposes-billion-dollar-money-laundering-network-that-purchased-bank-to-fund-russian-war-effort


[6] https://www.theregister.com/2025/11/04/russian_spies_pack_custom_malware/

[7] https://www.theregister.com/2025/10/31/russia_arrests_three_meduza_cyber_suspects/

[8] https://www.theregister.com/2025/10/24/former_l3harris_cyber_director_charged/

[9] https://www.theregister.com/2025/10/16/chinese_russian_cyber_espionage/




What a surprise

retiredFool

A money laundering scheme with crypto as part of the process. Such a surprise /s

Re: What a surprise

KittenHuffer

I'm more surprised that crypto is being used for a money laundering scheme rather than a Ponzi scheme!

They'll be buying

Anonymous Coward

Politicians & Political Parties next.

Re: They'll be buying

gryphon

I think you need to remove the 'next' and change the tense.

Re: They'll be buying

MiguelC

Yep, see https://www.bbc.com/news/articles/cn8vnv3dk0vo

A bit of a "giveaway"

Anonymous Coward

The IP space for the "Keremet Bank" (www.keremetbank.kg) sits quietly in the RIPE database with the following data:

$ host www.keremetbank.kg
www.keremetbank.kg has address 185.88.34.66

inetnum: 185.88.34.0 - 185.88.34.255
netname: ROSINBANK-NET
descr: OJSC "Russian Investment Bank"
country: KG
admin-c: SA32758-RIPE
tech-c: SA32758-RIPE
status: ASSIGNED PA
mnt-by: ROSINBANK-MNT
created: 2015-02-18T10:56:16Z
last-modified: 2015-02-18T10:56:16Z
source: RIPE

The Abuse-contact for this IP space is still listed as "abuse@rib.kg", and the "Russian Investment Bank" (rib.kg) domain redirects to www.keremet.kg.

So after they found what bank the money went to, it's pretty straightforward with a bit of OSINT to dig up some more clues.
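The registry check described in the comment above, as an added example that is not part of the original comment: it parses the quoted RIPE object offline and flags where the address registration disagrees with the name the host trades under. The function names and finding labels are hypothetical, and the name comparison is a simple heuristic.

```python
import ipaddress
import re

# The RIPE inetnum object exactly as quoted in the comment above (not fetched live).
RIPE_OBJECT = """\
inetnum: 185.88.34.0 - 185.88.34.255
netname: ROSINBANK-NET
descr: OJSC "Russian Investment Bank"
country: KG
admin-c: SA32758-RIPE
tech-c: SA32758-RIPE
status: ASSIGNED PA
mnt-by: ROSINBANK-MNT
created: 2015-02-18T10:56:16Z
last-modified: 2015-02-18T10:56:16Z
source: RIPE
"""

def parse_rpsl(text):
    """Parse one RPSL object into {attribute: [values]} (attributes may repeat)."""
    obj, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#":
            continue                          # blank line or server remark
        if line[0] in " \t+" and last:        # continuation of the previous value
            obj[last][-1] += " " + line[1:].strip()
            continue
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            last = key.strip().lower()
            obj.setdefault(last, []).append(value.strip())
    return obj

def ip_in_inetnum(ip, obj):
    """True if ip lies inside the object's 'first - last' address range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"][0].split("-"))
    return first <= ipaddress.ip_address(ip) <= last

def registration_findings(hostname, ip, obj):
    """Heuristic review flags (hypothetical labels) for a host's address registration."""
    findings = []
    if not ip_in_inetnum(ip, obj):
        findings.append("ip-outside-inetnum")
    labels = [lab for lab in hostname.lower().split(".")[:-1] if lab != "www"]
    names = " ".join(v for k in ("netname", "descr", "mnt-by") for v in obj.get(k, []))
    registry = re.sub(r"[^a-z0-9]", "", names.lower())
    if not any(lab in registry for lab in labels):
        findings.append("registrant-name-mismatch")
    if obj.get("created") and obj.get("created") == obj.get("last-modified"):
        findings.append("record-unchanged-since-creation")
    return findings
```
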
