U.S. Treasury Sanctions Russia-Based Aeza Group Over Cybercrime Ties Freezes $350,000 in Cryptocurrency

The U.S. Treasury Department has taken a significant step in its ongoing efforts to combat cybercrime by sanctioning the Russia-based Aeza Group. The group, known for providing bulletproof hosting (BPH) services, has been accused of aiding cybercriminal operations. As part of this action, the Treasury Department froze a cryptocurrency wallet linked to Aeza Group, which held over $350,000 in digital assets.

Bulletproof hosting services are designed to offer secure and anonymous infrastructure to cybercriminals, making it difficult for law enforcement to detect and shut down their operations. These services are commonly used by ransomware groups, data thieves, and online drug vendors to carry out and conceal their illegal activities.

The Treasury Department's Office of Foreign Assets Control (OFAC) named four Aeza Group officials—Penzev, Bozoyan, Gast, and Knyazev—for their roles in the organization. The sanctions also targeted two affiliated companies and Aeza International Ltd., a UK-based front company, in coordination with the United Kingdom’s National Crime Agency.

The St. Petersburg-based hosting provider has been supporting various cybercriminal groups, including ransomware operators like BianLian and info-stealer operators behind RedLine, Lumma, and Meduza. The Treasury Department alleges that the platform enabled attacks on U.S. defense and tech firms and aided the Russian darknet drug market BlackSprut.

Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith emphasized the importance of dismantling the infrastructure that supports cybercrime. "Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs," Smith stated.

The frozen cryptocurrency wallet, which was TRON-based, was used by Aeza Group for collecting payments, cashing out funds through various exchanges, and occasionally receiving direct customer payments. On-chain analysis linked the wallet to over $350,000 in cryptocurrency, with some transactions traced to darknet vendors and malware distributors.

This action by the Treasury Department is part of a broader effort to disrupt the infrastructure that supports cybercrime. In February 2025, OFAC sanctioned ZServers, another known bulletproof hosting provider used by cybercriminals. The department has also imposed sanctions on Russia-linked crime, including restrictions on access to U.S. software and IT services, and secondary sanctions on foreign firms supporting Moscow.

Additionally, OFAC has targeted other individuals involved in illicit activities, such as Russian national Andrey Dmitriyevich Sudakov, who was sanctioned for allegedly laundering cryptocurrency from gold sales via front companies. Another notable sanction includes Iranian national Behrouz Parsarad, the administrator of the dismantled darknet marketplace Nemesis, which facilitated $30 million in illegal drug sales.

The Treasury Department's actions highlight its commitment to dismantling the ecosystem that supports cybercrime, working closely with international partners to achieve this goal. By targeting the infrastructure that enables these activities, the department aims to make it more difficult for cybercriminals to operate and evade law enforcement.