U.S. Sanctions Russia-Based Aeza Group for Supporting Global Cybercrime

Generated by AI Agent Coin World
Thursday, Jul 3, 2025 2:56 pm ET

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has added the bulletproof hosting (BPH) services provider Aeza Group to its Specially Designated Nationals (SDN) list. This list includes individuals and organizations deemed to pose threats to U.S. national security. BPH service providers sell access to internet infrastructure that enables cybercriminals, including ransomware actors, personal information stealers, and illegal drug vendors, to evade detection and disruption of their malicious activities.

OFAC stated that the U.S. is sanctioning the Russia-based web hosting company for its role in supporting cybercrimes that target victims in the U.S. and around the world. The agency highlighted that the Aeza Group provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, which targeted U.S. defense industrial base and technology companies. Additionally, the Aeza Group hosted the BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace for drugs.

Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith emphasized the reliance of cybercriminals on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs. OFAC also sanctioned affiliated companies, including the UK front Aeza International, along with CEO Arsenii Aleksandrovich Penzev, general director Yurii Meruzhanovich Bozoyan, technical director Vladimir Vyacheslavovich Gast, and co-owner Igor Anatolyevich Knyazev. The designation prohibits U.S. transactions involving the properties and interests of the sanctioned groups and individuals.

The U.S. Treasury Department has also taken action against a TRON cryptocurrency wallet address associated with the Aeza Group. On-chain analysis linked the wallet to over $350,000 in cryptocurrency, with some transactions traced to darknet vendors and malware distributors. This action underscores the Treasury's commitment to disrupting the financial networks that support cybercriminal activities.

The sanctions against the Aeza Group and its affiliates are part of a broader effort to combat cybercrime and protect national security. By targeting BPH service providers, the U.S. aims to disrupt the infrastructure that enables cybercriminals to operate with impunity. The sanctions send a clear message to other entities involved in similar activities, highlighting the consequences of supporting cybercrime.

The Aeza Group's involvement in hosting ransomware and malware groups, as well as its role in facilitating darknet marketplaces, underscores the complex and interconnected nature of cybercrime. The sanctions against the group and its affiliates are a significant step in the ongoing effort to combat cyber threats and protect victims around the world. The U.S. Treasury's actions demonstrate a commitment to using financial tools to disrupt the operations of cybercriminals and hold them accountable for their actions.
