Full Report
This article is the result of a collaboration with The Sunday Times. You can find their corresponding piece here. On the last Friday in December, a German businessman in his mid-40s allegedly met a small aircraft on a dusty runway in remote Western Australia. The following evening in Perth, seven hours’ drive south, he and […] The post Nowhere to Run: The Online Footprint of an Alleged Kinahan Cartel Associate appeared first on bellingcat.
Analysis Summary
# Threat Actor: Oliver Andreas Herrmann (Associated with Kinahan Organized Crime Group)
## Attribution & Identity
The individual identified is **Oliver Andreas Herrmann** (44, German businessman, marathon runner, and director of multiple companies). He is alleged to have **close financial ties to Christy Kinahan**, the founder of the international drug cartel known as the **Kinahan Organized Crime Group** (also referenced as the US-sanctioned Kinahan group). Herrmann allegedly acted as Kinahan's representative on the ground in Indonesia and was referred to as Kinahan's subordinate ("Kinahan was Oliver’s boss").
Known Aliases/Associations:
* Associated with **Christy Kinahan** and the **Kinahan Organized Crime Group**.
* Co-accused in the drug trafficking operation: Falconer (surname not fully provided in initial context).
## Activity Summary
The primary activity detailed is an alleged large-scale drug trafficking scheme that culminated in arrests in Perth, Western Australia, on December 28, 2024.
* **Operation Name:** Australian Federal Police (AFP) Operation "Mirkwood".
* **Incident:** Arrest of Herrmann and an associate for allegedly trafficking a commercial quantity of cocaine (estimated 200kg, street value AUD $65 million).
* **Timeline:** The investigation began in October. Herrmann allegedly met an aircraft at **Overlander Airstrip** on December 27, 2024, before meeting his co-accused in Perth the following day.
* **Background Links:** Analysis suggests Herrmann has connections to areas associated with Christy Kinahan, including locations in South Africa and Harare, Zimbabwe.
## Tactics, Techniques & Procedures
The description focuses more on logistics and criminality than typical cyber TTPs.
- Alleged high-value physical drug smuggling using small aircraft/private aviation logistics.
- Use of pre-arranged physical meetings (e.g., at remote airstrips).
- Potential for complex international financial networks inferred from corporate links.
- Use of specific concealment methods (cocaine packed in single one-kilogram blocks in suitcases).
## Targeting
- Sectors: Organized Crime Syndicate (specifically drug trafficking/narcotics trade).
- Geography: The core incident occurred in **Western Australia** (Perth, Overlander Airstrip, Kojonup Airport). Herrmann has traceable links to **Indonesia**, **South Africa**, and **Zimbabwe**.
- Victims: The primary victims are the illicit narcotics market and law enforcement entities actively prosecuting the case (AFP). Specific organizations were not mentioned as target victims of espionage or attack.
## Tools & Infrastructure
- **Malware Families Used:** None specified (Focus is physical crime).
- **Infrastructure/Equipment Seized:**
- Night vision goggles.
- Aviation equipment/Airband VHF radio.
- Hardware cryptocurrency wallet.
- Communication devices (electronic devices).
- Vehicles (hired car mentioned for transportation).
- **C2/Domains:** None specified.
## Implications
This case highlights the physical transnational reach of the Kinahan Organized Crime Group into Oceania, specifically using high-level expatriate individuals (Herrmann) with established international business structures to facilitate large-scale illegal narcotics importation. The link to a hardware cryptocurrency wallet suggests potential use for storing or moving illicit funds, indicating a modern approach to financial operations within the cartel structure.
## Mitigations
- Increased vigilance regarding foreign business nationals involved in international logistics or aviation who exhibit non-standard profiles (e.g., champion marathon runner operating as a director of diverse international firms) potentially linked to sanctioned entities.
- Enhanced screening and monitoring of goods and passengers arriving via private or non-commercial aviation in remote airstrips.
- Strong intelligence sharing between international law enforcement regarding known associates of sanctioned transnational criminal organizations like the Kinahan Group.