
The US Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) service provider, for helping threat actors carry out malicious activity and target victims in the country and around the world.
The sanctions also extend to subsidiary Aeza International Ltd., the UK branch of Aeza Group, and to four individuals linked to Aeza Logistic LLC, Cloud Solutions LLC, and the company.
The four individuals are Arsenii Aleksandrovich Penzev, CEO and 33% owner of Aeza Group; Yurii Meruzhanovich Bozoyan, general director and 33% owner of Aeza Group; Vladimir Vyacheslavovich Gast, technical director, who works closely with Penzev and Bozoyan; and Igor Anatolyevich Knyazev, 33% owner of Aeza Group, who manages the company in the absence of Penzev and Bozoyan.

It is worth noting that Penzev was arrested in early April 2025 on charges of leading a criminal organization and enabling large-scale drug trafficking by hosting BlackSprut, an illegal drug market on the dark web. Bozoyan and two other Aeza employees, Maxim Orel and Tatyana Zubova, were also taken into custody.
“Cybercriminals continue to rely heavily on BPH service providers like the Aeza Group, promoting destructive ransomware attacks, stealing US technology and selling black market drugs,” said Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence.
“The Treasury remains determined to work closely with the UK and other international partners to expose the key nodes, infrastructure and individuals that support this criminal ecosystem.”
BPH services are a godsend for threat actors because their operators are known to deliberately ignore abuse reports and law enforcement requests. This makes them a resilient option for attackers hosting malicious infrastructure, such as phishing sites and command-and-control (C2) servers.
The St. Petersburg-based Aeza Group has been accused of leasing its services to a variety of ransomware and information stealer families, including BianLian, RedLine, Meduza and Lumma.
Additionally, a report released last July by Correctiv and Qurium detailed the use of Aeza’s infrastructure by a pro-Russian influence operation called Doppelganger. Another threat actor that has used Aeza’s services is Void Rabisu, a Russia-aligned threat actor behind RomCom RAT.

The development comes nearly five months after the Treasury sanctioned another Russia-based BPH service provider named Zservers for facilitating ransomware attacks, such as those coordinated by the LockBit group.
Last week, Qurium linked a Russian web hosting and proxy provider named Biterika to a distributed denial-of-service (DDoS) attack on two independent Russian media outlets, among them Verstka.
These sanctions form part of a broader effort to dismantle the ransomware supply chain by targeting critical enablers such as malicious hosting, command-and-control servers, and dark web infrastructure. As threat actors change their tactics, monitoring of sanctioned entities, IP reputation scores, and abuse-tolerant networks is becoming central to modern threat intelligence practices.