U.S. Sanctions Russia-Based Aeza Group for Cybercrime Facilitation

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Aeza Group LLC, a Russia-based hosting provider, for its role in facilitating cybercriminal activities. The sanctions, announced on July 1, 2025, target the company and its executives for providing bulletproof hosting services that enable ransomware attacks, data theft, and other malicious cyber activities. This action is part of a broader effort to disrupt the infrastructure that supports large-scale cybercrime operations globally.

The sanctions extend to Aeza Group’s global network, including Aeza International Ltd. in the UK and other affiliated businesses. This comprehensive approach aims to address the international scope of modern cybercrime infrastructure, which often spans multiple jurisdictions. The designation follows OFAC’s previous action in February 2025 against ZServers, another hosting provider involved in similar activities.

Aeza Group’s services included dedicated servers advertised from Moscow-based locations, providing a resilient hosting infrastructure for criminal operations. The company’s bulletproof hosting services allowed cybercriminals to maintain operational security while conducting their illicit activities. The sanctions target the supply chain that supports these operations, rather than individual threat actors, aiming to disrupt the foundational infrastructure that enables large-scale cybercrime.

OFAC’s designation includes one TRON cryptocurrency address, TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F, associated with Aeza Group’s payment infrastructure for illicit hosting services. On-chain analysis reveals that Aeza Group relied on payment processors to receive payments for hosting services, obscuring the traceability of customer deposits through intermediary systems. The specified address manages cash-outs from payment processors, transfers money to other cryptocurrency exchanges, and occasionally receives direct payments for Aeza’s services. This wallet received more than $350,000 in cryptocurrency while cashing out at multiple deposit addresses across different exchanges.

The deposit addresses utilized by Aeza also received funds via an escrow provider for transactions on gaming platforms and the Garantex exchange. Additional connections include a darknet vendor selling infostealer malware, which breaches computer systems to steal sensitive user information. This vendor was likely a client of Aeza, as regular payments from the infostealer vendor wallet to Aeza’s exchange deposit address match Aeza’s hosting service pricing structures. The payment patterns provide evidence of the hosting provider’s direct involvement with malicious actors operating infostealers and other cybercriminal tools.

OFAC’s action against Aeza Group is part of a broader strategy to disrupt the critical infrastructure dependencies used by cybercriminals for hosting malicious content and remaining online. By targeting service providers that facilitate ongoing malicious operations, the authorities aim to make it operationally difficult for cybercriminal groups that depend on robust infrastructure for running their operations. This enforcement action reflects the government’s dedication to disrupting service providers enabling criminality, rather than responding to individual attacks.