Global authorities have united to sanction Aeza Group, a Russian "bulletproof hosting" provider, for its alleged role in facilitating ransomware attacks, data theft, and illicit drug trafficking. The coordinated action by the U.S., U.K., and Australia targets the company's infrastructure and key individuals, aiming to dismantle a critical enabler of cybercrime worldwide.

International Crackdown on Cybercrime Enabler

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), in collaboration with the U.K.'s National Crime Agency and Australian authorities, announced sanctions against Aeza Group. This St. Petersburg-based company is accused of providing "bulletproof hosting" (BPH) services, which allow cybercriminals to operate with impunity by offering specialized servers and infrastructure designed to evade detection and law enforcement efforts.

• Key Takeaways:Aeza Group sanctioned by U.S., U.K., and Australia for enabling cybercrime.Provided "bulletproof hosting" services to ransomware gangs and darknet markets.Sanctions target the company, its subsidiaries, and four key leaders.Follows previous sanctions against other Russian BPH providers.

Aeza Group's Alleged Activities

Aeza Group's services reportedly supported a wide array of illicit activities, including:

• Ransomware Operations: Hosting for prominent ransomware groups like BianLian.

• Info-Stealer Support: Facilitating operators of info-stealing malware such as Meduza, RedLine, and Lumma, which target sensitive data from U.S. defense and technology companies.

• Darknet Market Facilitation: Providing infrastructure for BlackSprut, a Russian darknet marketplace involved in illicit drug sales, including fentanyl precursors.

• Disinformation Campaigns: Linked by cybersecurity researchers to the pro-Kremlin Doppelgänger disinformation campaign.

Sanctioned Entities and Individuals

The sanctions extend beyond Aeza Group itself to include its affiliated companies and key personnel:

• Companies:

• Individuals:

Penzev and Bozoyan were previously arrested by Russian authorities in connection with the BlackSprut drug marketplace. The sanctions also target a cryptocurrency wallet linked to Aeza Group, which allegedly processed over $350,000 in transactions for illicit hosting services.

Broader Efforts Against Cybercrime Infrastructure

This action is part of a larger international effort to dismantle the infrastructure supporting global cybercrime. Authorities have increasingly focused on BPH providers, recognizing their critical role in enabling malicious activities. Previous actions include:

• Zservers Sanctions: In February, the U.S., U.K., and Australia sanctioned Zservers, another Russian BPH provider, for its support of the LockBit ransomware operation.

• Arrests and Prosecutions: Law enforcement agencies have pursued arrests and convictions of individuals involved in BPH services, such as Mihai Ionut Paunescu of PowerHost[.]ro and Aleksandr Grichishkin.

These coordinated efforts underscore a growing commitment among international partners to disrupt the financial and technical networks that underpin ransomware attacks, data theft, and other cyber-enabled crimes.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work, The Record from Recorded Future News.

• US Sanctions Russia’s Aeza Group for Cybercrime Support | Ukraine news, mezha.net.

• U.S. Sanctions Russian Bulletproof Hosting Service for Supporting LockBit Ransomware Attacks, The HIPAA Journal.

• U.S. Treasury Sanctions Bulletproof Hosting Firm Fueling Ransomware Campaigns, GBHackers News.

• US Sanctions Russian Cybercrime Group Aeza for Hosting Ransomware and Global Attacks — UNITED24 Media, UNITED24 Media.