The U.S. Division of the Treasury’s Workplace of Overseas Property Management (OFAC) has levied sanctions in opposition to Russia-based bulletproof internet hosting (BPH) service supplier Aeza Group to help risk actors of their malicious actions and focusing on victims within the nation and the world over.
The sanctions additionally lengthen to its subsidiaries Aeza Worldwide Ltd., the U.Ok. department of Aeza Group, in addition to Aeza Logistic LLC, Cloud Options LLC, and 4 people linked to the corporate –
- Arsenii Aleksandrovich Penzev, CEO and 33% proprietor of Aeza Group
- Yurii Meruzhanovich Bozoyan, normal director and 33% proprietor of Aeza Group
- Vladimir Vyacheslavovich Gast, technical director who works carefully with Penzev and Bozoyan
- Igor Anatolyevich Knyazev, 33% proprietor of Aeza Group who manages the operations within the absence of Penzev and Bozoyan
It is value noting that Penzev was arrested in early April 2025 on costs of main a legal group and enabling large-scale drug trafficking by internet hosting BlackSprut, a bootleg medicine market on the darkish internet. Bozoyan and two different Aeza workers, Maxim Orel and Tatyana Zubova, have been additionally detained.
“Cybercriminals proceed to rely closely on BPH service suppliers like Aeza Group to facilitate disruptive ransomware assaults, steal U.S. expertise, and promote black-market medicine,” mentioned Appearing Underneath Secretary of the Treasury for Terrorism and Monetary Intelligence Bradley T. Smith.
“Treasury, in shut coordination with the U.Ok. and our different worldwide companions, stays resolved to reveal the important nodes, infrastructure, and people that underpin this legal ecosystem.”
BPH companies have been godsend for risk actors as they’re recognized to intentionally ignore abuse studies and regulation enforcement takedown requests, typically working in nations with weak enforcement or deliberately imprecise authorized requirements. This makes them a resilient possibility for attackers to host their malicious infrastructure, together with phishing websites and command-and-control (C2) servers, with out disruption or penalties.
Headquartered in St. Petersburg, Aeza Group is accused of leasing its companies to numerous ransomware and knowledge stealer households, comparable to BianLian, RedLine, Meduza, and Lumma, a few of which have been used to focus on U.S. protection industrial base and expertise firms and different victims worldwide.
What’s extra, a report printed by Correctiv and Qurium final July detailed the usage of Aeza’s infrastructure by the pro-Russian affect operation dubbed Doppelganger. One other risk actor that has availed the companies of Aeza is Void Rabisu, the Russia-aligned risk actor behind RomCom RAT.
In keeping with Chainalysis, a TRON cryptocurrency tackle related to Aeza Group has acquired greater than $350,000 in crypto and cashed out at numerous deposit addresses at completely different exchanges. These deposit addresses have additionally acquired funds from a darknet vendor peddling a stealer malware, Garantex, and an escrow service used for promoting objects on a well-liked gaming platform.
“The designated tackle seems to operate as an administrative pockets, dealing with cash-outs from the cost processor, forwarding funds to numerous exchanges, and sometimes receiving direct funds for Aeza’s companies,” the corporate mentioned.
The event comes almost 5 months after the Treasury sanctioned one other Russia-based BPH service supplier named Zservers for facilitating ransomware assaults, comparable to these orchestrated by the LockBit group.
Final week, Qurium additionally linked a Russian website hosting and proxy supplier named Biterika to distributed denial-of-service (DDoS) assaults in opposition to two Russian unbiased media retailers IStories and Verstka.
These sanctions kind a part of a broader effort to dismantle the ransomware provide chain by focusing on important enablers like malicious internet hosting, C2 servers, and darkish internet infrastructure. As risk actors shift ways, monitoring sanctioned entities, IP fame scores, and abuse-resilient networks is turning into central to trendy risk intelligence operations.
