‘Silent Partners’ Part 2 – organised crime’s black market activities

A troubling and complex issue has emerged in response to the US-led sanctions on Russia following its invasion of Ukraine. Organised crime groups (OCGs), driven by their relentless pursuit of profit, have found fertile ground in evading these sanctions, resulting in a cascade of effects felt across the globe. This is Part 2 of an analysis – see Part 1 here.

The impact on the environment

The ramifications of organised crime groups evading sanctions extend far beyond conventional issues of cybercrime and corruption. Take, for example, the impact on the global environment of Russia’s illegal dilapidated, shadow oil distribution fleet which is said to be worth US$1.5 billion.

Ongoing violations of sanctions persist in the form of a clandestine fleet comprised of tankers and vessels of various kinds, illicitly transporting Iranian and Russian oil across the globe. Bad actors engaged in these activities employ a diverse array of aging and dilapidated vessels, departing from locations such as Greece, Turkey and other points of origin. These operators flout sanctions, often with tacit compliance from buyers, who, driven by their own oil requirements, tend to look the other way. This unlawful activity presents substantial environmental risks, as those involved prioritise profit over considerations for the safety of the environment, disregarding potential disasters arising from spills or maritime collisions. Their actions demonstrate a stark disregard both for the people of Ukraine and the environmental repercussions of their operations.

Organised crime in the digital age

Taking advantage of technological advances, OCGs are profiting from ransomware attacks and the sale of stolen critical business intelligence and intellectual property (IP). IP is usually sourced from state-sponsored organisations – for example, South Korea’s Lazarus and their massive cryptocurrency heists; China’s crack hacking unit APT41 (also known as Double Dragon or Wicked Panda) with their advanced supply chain attacks and IP theft; or Russia’s hacking groups Sandworm and Turla and their extraordinary blackout cyberattacks against power grids and destructive self-replicating codes.

Two of the oldest and most powerful Russian OCG’s (ROCG’s), based in St Petersburg, are Tambovskaya and Solntsevskaya. Formed in the 1990s following the collapse of the Soviet Union, they rose to power using extortion, money laundering and violence. Tambovskaya is known to have a presence in the US, Spain and the UK. Solntsevskaya, viewed as the more sophisticated of the two due to its ability to infiltrate legitimate business, has a firm hold in the US, Europe and South America.

Despite their rivalry, the two ROCGs have occasionally co-operated. In one operation during the Yugoslav conflict, they jointly smuggled weapons to the Balkans. They are also both known to be heavily involved in the low-risk, high-reward, dark industry of cybercrime and are into phishing scams, malware attacks, crypto currency theft and other Dark Web related activities.

Indeed, Vladimir Putin is where he is today because of the ongoing support of the FSB (the Federal Security Service, or the KGB by any other name) and the efforts and involvement of the OCGs. This support actually dates back to Putin’s time as the Deputy Mayor of St Petersburg. This relationship has become so entwined that it is now hard to determine where the intelligence agencies stop and OCGs begin.

China is now believed to have the most powerful state-sponsored hacking operation in the world. But it is said (even within US and UK cyber intelligence defence circles) that Russia’s Turla is the most revered for its sophistication and ingenuity. The Turla group was behind the 1996 attack on the Pentagon – the first ever recorded and identified. It went on to hack US satellites, stealing victims’ data from outer space.

Its malware has been infecting machines unnoticed for over two decades and its derivatives are still found on intelligence services’ machines around the world today.

Chinese and Myanmar OCG scamming offices (used to facilitate cybercrime activities) can be found in the restricted zones of sanctioned Myanmar – all facilitated by the corrupt Myanmar Border Force Guards put in place to police them. US-sanctioned Vietnam now has a thriving cybercrime market that came to prominence during the pandemic. The advent of software-as-a-service malware hacking tool kits becoming available on the Dark Web has led to a significant rise in cyberattacks. Vietnam’s own government agencies, communication lines, aviation authorities, energy sector and hospitals have all been breached and either been severely disrupted or had data stolen. The cost of these activities is said to be in excess of US$1 billion a year.

Smuggling, black markets and narco-terrorism

Drug cartels such as the Mexican Sinaloa Cartel, the Jalisco New Generation Cartel, Los Zetas, the Gulf Cartel, the Colombian Clan del Golfo, National Liberation Army (ELN) and the Revolutionary Armed Forces of Colombia (FARC) are the most well-known narcotic and illegal goods distributors. These cartels operate in conjunction with OCGs like the Japanese Yakuza, the Chinese Triads, and the Russian and Italian mafia. They are mainly active in Latin America, Africa and Asia.

In recent years, there has been co-operation between the world’s two largest drug cartels, OCGs and terror groups like Hezbollah, Hamas, the Islamic State in Syria and Iraq (ISIS) and the Taliban. They have assisted and profited from each other to trade and traffic illegal goods.

For example, the Lebanese terror group Hezbollah has for many years been smuggling drugs from Mexico to Lebanon in exchange for weapons and money from Mexican cartels. The Taliban is known for taxing opium production and trafficking in Afghanistan providing a huge revenue source for the terrorist group. Like the Taliban with their opium, the guerrilla group Spanish Fuerzas Armadas Revolucionarias de Colombia (FARC) taxes all coca production and distribution in Columbia.

Items being trafficked at present include:

Wildlife: According to the US Immigrations Customs and Enforcement, illegal fishing crimes in 2023 account for an estimated US$4 to US$9 billion a year. Illegal wildlife trafficking is estimated at US$9 to US$10 billion a year, and illicit trading of timber at US$7 billion a year. When combined – approximately US$27 billion – these elements make wildlife crime the fourth most lucrative illegal trade following narcotics, human trafficking and counterfeit goods.

South Africa and Tanzania are the two main countries where abuses to animals take place (especially trade in rhino horn ivory and pangolins). They are usually exported using trade routes through Malaysia and Laos, to consumers in both Vietnam and China. In 2022, the Malaysian OCG crime boss Teo Boon Ching and his wildlife front organisations were brought down by US officials.

Weapons: Many of the weapons sent by the US to conflict-affected countries like Ukraine have failed to arrive (a US law violation) suggesting that they ended up in Russian and ROCG hands. Rumours of Mexican cartel members being apprehended with weapons destined for Ukraine have been refuted, but it cannot be considered beyond the realms of possibility given that the weapons have not been accounted for.

Opioids: China and Russia’s evasion of US-imposed sanctions has directly and indirectly facilitated the growth of the international opioid industry. China has historically been a major producer of synthetic opioids, such as fentanyl. Chinese manufacturers have discovered methods to bypass regulations, contributing significantly to the illicit opioid trade epidemic.

China also directly assists Mexican cartels in laundering cartel-held dollars in US banks using sophisticated transfer loopholes. In the US, Chinese citizens can currently only transfer US$50,000 annually. The Chinese elite evade this law by buying US dollars from laundering operations in the US that happily exchange dollars for Chinese Yuan. This even includes a commission fee in favour of the Chinese.

In turn, Mexican cartels assist the Chinese by importing their manufactured fentanyl, which they press into pills in Mexico and ship back to the US for illegal distribution, under the guise of prescription medication.

Russia, indirectly, also supports OCG trade in opioids through illicit transactions and money laundering. Channels used to move funds unnoticed during sanctions create opportunities for ROCGs to launder profits and continue funding international opioid/drug operations.

Oil: Since 2021, Russia has decided to redirect oil to China and India despite Western sanctions. This relationship is alleged to ensure global energy security and supply. However, this evasion has given Russia the opportunity to limit its dependence on the West, while essentially diluting the effects of sanctions. And China’s and India’s readiness to accept imported sanctioned oil exacerbates energy security issues. China and India could also find themselves susceptible to political tensions and negative consequences as a result of this newfound dependence.

Human trafficking: The war in Ukraine has seen its security and governing powers diminish over time. The flow of illicit goods across borders has reached all-time highs. Not only have sanctioned goods, weapons and narcotics been changing hands, but there has also been a rise in people trafficking – especially young men who are fit for military work.

Corruption, state complicity and money laundering

Corrupt law enforcement, officials and politicians facilitate the activities of OCG operations. In Mexico, politicians have colluded with drug cartels which has led to OCG personnel gaining access to local and state governments. The same can be said for Columbia.

In Eastern Europe, war-torn Ukraine is also battling corruption within its own enforcement network and this has seen OCG activity thrive. Prior to the invasion, capturing Ukrainian OCG members was a major challenge, fraught with difficulty, as government officials had historically been protecting and assisting their illicit activities.

Given Ukraine’s unique location – bordering Belarus in the north, the EU to the west, and the Black Sea in the south – it has long been known to intelligence agencies around the world as a melting pot for international organised crime and cybercriminal networks to base their operations.

Under the fog of war, Ukrainian OCGs are themselves moving illegal goods, narcotics, humans, humanitarian aid destined for Ukraine and looted stock (like grain stolen from their homeland). Russia’s state-linked ROCG families are also benefitting from the chaotic and unregulated circumstances. Prior to the invasion, it is said that Ukrainian and ROCGs regularly collaborated. Since the start of the war, however, this no longer occurs.

In Southeast Asia, there are numerous reports of corruption in the context of human trafficking. A major problem hotspot area is in Bali (Indonesia) that sees its people trafficked and exploited throughout Asia, including Brunei Darussalam, Cambodia, Lao, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam. Research by the United Nations Office on Drugs and Crime indicates that the smuggling of migrants and trafficking in persons could simply not occur on a large scale without the aid of corruption.

In central America, The Panama Papers scandal in 2015 saw 11.5 million documents (2.6 terabytes of data) leaked by an unknown source from the Panamanian law firm, Mossack Fonesca (MF), that operated in thirty-five jurisdictions for over four decades. The documents were received by the German publishing house, Süddeutsche Zeitung, which were then forwarded to the International Consortium of Investigative Journalists in 2016. This global network of 190 journalists based in sixty-five countries spent months examining the data and established that many of the shell businesses created by MF were used for illicit activities like fraud, tax evasion and the evasion of international sanctions.

MF also concealed the identity of owners who were subject to imposed sanctions. In order to do this, it created companies, trusts and foundations, and collaborated with 14,000 law firms and financial institutions including Deutsche Bank, HSBC, Société Générale, Credit Suisse, Commerzbank and Nordea.

MF also formed corporate entities for clients in Panama, the British Virgin Isles, the Bahamas, Anguilla, the Seychelles, Niue, Samoa, the UK and the USA (Delaware, Nevada and Wyoming).

These shell firms covertly operated in favour of criminals, mafia members and thirty-five individuals and entities sanctioned by the US Treasury from countries that include Iran, Syria, Zimbabwe and North Korea. It was acknowledged that some of these clients existed prior to the sanctions being applied. However, MF continued to represent them. MF staunchly denied knowledge of client links to rogue regimes.

MF worked with Rami Makhlouf (Bashar Al-Assad’s cousin). At the time, he was one of Syria’s wealthiest businesspeople, worth US$5 billion. The US described him as a ‘poster boy for corruption’ and had banned him since 2008. MF fronted six businesses for him. MF also continued to do business with sanctioned United Arab Emirates firms Pangates International Corporation Ltd, Maxima Middle East Trading, and Morgan Additives Manufacturing Co Ltd, as well as Helene Mathieu Legal Consultants, via vehicles in the Seychelles.

The US Treasury had imposed sanctions on all these entities for evading restrictions on the Assad regime by supplying them with petroleum. MF was also linked to North Korea’s nuclear programs via DCB Finance Ltd. DCB was a known front for North Korea’s Daedong Credit Bank, which had previously provided financial assistance to the US-sanctioned Korea Mining Development Corporation. Leaked correspondence reveals that MF did not even query the affiliations or subject their wealthy North Korean clients to further screening.

Regional hotspots

The Western Balkans has recently been reported as a major gateway for sanctioned Russian money to cross borders covertly, thanks to a weak law and high presence of organised crime. The war in Ukraine has enabled Russia to transfer huge sums of cash through the region to strategic sources with little disruption. The illicit global money transfer trade is believed to total US$1.6 trillion.

The Balkans is a hot bed for OCG trade. It sits right on the doorstep of the EU and facilitates the ancient Silk Road trade routes from Afghanistan, Iran, Turkey and into Bulgaria or Greece. Goods range from heroin, cocaine, cannabis and cigarettes to weapons and people. The EU is thought to now be the world’s largest market for heroin use. Most synthetic drugs like ecstasy and methamphetamine are now manufactured in the Balkans and the Netherlands.

In Latin America, Cuba, Venezuela and Nicaragua are all under imposed sanctions. Venezuela is currently under sanctions from the US, the EU, Canada, Mexico, Panama and Switzerland. Following the success of the US ‘War on Drugs’ campaign in Columbia and Mexico, drug trafficking profits plummeted in Latin America. This prompted OCGs to move into illegal gold mining. The diversification proved so successful in Peru and Columbia (two of the world’s biggest producers of cocaine) that the value of illegal gold exports surpassed that of cocaine. Now, 80–90% of gold mined in Venezuela is done so illegally. The money involved in this illegal theft, extortion and trafficking of gold is staggering.

The Columbian government believes that 20% of FARC’s funding comes from illegal gold mining. The 34th Front of FARC alone generated US$1 million a month from extorting miners. The government in Peru says that 35 tons of illegal gold, valued at over US$1 billion, was shipped to Lima then onto the US and Switzerland during February and October 2014. From 2006, 68 tons of gold that was illegally removed from the Amazon was trafficked from Bolivia.

In Southeast Asia, sanctioned Myanmar has also seen a rise in OCG activity as Myanmar Border Force Guards aligned with local and Chinese OCGs to operate illegal gambling and vast online scamming operations. Following the coup in 2021, Myanmar became demarcated by zones. The notorious KK Park Zone went viral on TikTok as it harvested and trafficked the organs of victims who refused to work in Myanmar’s OCG scamming offices. US-sanctioned Vietnam is now a prolific cybercrime hotspot. 


War-torn regions and sanctioned countries have seen OCGs and state actors exploiting the chaotic and unregulated borders to conduct illegal activities. The scale of this problem highlights the occurrence and facilitation of corruption at state level, and the hardships faced in sustaining international security during this period.

To download a copy of this article, please click here.

Scroll to Top