U.S. Imposes Sanctions on Russia's Aeza Group for Facilitating Cybercrime with Bulletproof Hosting
TL;DR
The U.S. Treasury has sanctioned the Russia-based Aeza Group for providing bulletproof hosting services to global cybercriminals. This action targets the group’s affiliates, leaders, and infrastructure used by ransomware and malware operators. The sanctions aim to disrupt the critical support system for cybercrime, highlighting the ongoing efforts by international authorities to combat digital threats.
U.S. Sanctions Russia’s Aeza Group for Aiding Cybercriminals
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on the Russia-based Aeza Group for its role in aiding global cybercriminals through bulletproof hosting services. These services are designed to keep malicious content and illegal operations online, even when authorities attempt to shut them down. Unlike regular hosting providers, bulletproof hosts often ignore abuse reports and turn a blind eye to illegal activities, making them a crucial component of cybercrime infrastructure.
Understanding Bulletproof Hosting
Bulletproof hosting services are notorious for their resilience against takedown attempts. They achieve this by:
- Operating behind layers of anonymity
- Exploiting weak law enforcement in certain countries
- Constantly shifting server locations
These tactics make it extremely challenging for authorities to disrupt their operations.
Targets of the Sanctions
The sanctions extend beyond the Aeza Group to include:
- Two affiliates
- Four key leaders
- A UK-based front company
These entities and individuals are accused of managing and operating the infrastructure used by various cybercrime groups. Notably, the infrastructure supported ransomware and malware operations such as Meduza and Lumma infostealers, as well as data thieves and drug vendors.
“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith1.
Key Figures and Affiliates
The sanctions specifically target:
- Aeza International Ltd. (UK)
- Aeza Logistic LLC
- Cloud Solutions LLC
- Key figures: CEO Arsenii Penzev, General Director Yurii Bozoyan, Technical Director Vladimir Gast, and part-owner Igor Knyazev
Arsenii Penzev, who owns 33% of Aeza Group, has ties to illegal drug marketplaces and was previously arrested in Russia for hosting the illicit Blacksprut marketplace on Aeza’s infrastructure.
Previous Sanctions and Law Enforcement Actions
Earlier this year, on February 11, 2025, the U.S., UK, and Australia sanctioned another Russian bulletproof hosting provider, Zservers/XHost. This provider was linked to supporting Russian ransomware operations, including LockBit. The sanctions targeted two Russian administrators, Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov.
Shortly after, Dutch police took down 127 servers associated with Zservers/XHost, which were used by cybercrime groups like Conti and LockBit.
Conclusion
The U.S. Treasury’s sanctions against the Aeza Group and its affiliates highlight the ongoing international effort to disrupt the infrastructure supporting cybercrime. By targeting bulletproof hosting providers, authorities aim to dismantle the critical nodes that enable ransomware attacks, data theft, and illicit marketplaces. This action underscores the importance of global cooperation in combating digital threats and safeguarding technological infrastructure.
For more details, visit the full article: source
Additional Resources
For further insights, check:
- Meduza Stealer Released on Dark Web
- Lumma Infostealer Operations Dismantled
- LockBit Ransomware Advisory
References
-
Bradley T. Smith (2025). “U.S. Treasury Sanctions Russia-Based Aeza Group for Cybercrime Support”. U.S. Department of the Treasury. Retrieved 2025-07-02. ↩︎