The U.S. Treasury Department has imposed sanctions on the Russia-based Aeza Group for supporting cybercriminals through bulletproof hosting services.
According to the Office of Foreign Assets Control (OFAC), Aeza Group knowingly provided hosting infrastructure to malicious actors, allowing them to operate phishing sites, distribute malware, run ransomware campaigns, and maintain underground marketplaces without interruption.
Bulletproof hosting providers are distinct from regular web hosts because they often ignore abuse complaints, resist takedown efforts, and operate in jurisdictions with weak enforcement. These services are built to shield illegal activities by using anonymity tools, rotating servers, and leveraging lenient legal environments.
The U.S. coordinated this action with the United Kingdom’s National Crime Agency, sanctioning not only Aeza Group but also two affiliates, four leadership figures, and a UK-based front company. The group’s infrastructure has reportedly been used by threat actors behind malware like Lumma and Meduza, as well as data thieves and illicit drug vendors.
Bradley T. Smith, Acting Under Secretary for Terrorism and Financial Intelligence, said the sanctions are part of a broader effort to disrupt the global cybercrime ecosystem. “Cybercriminals continue to rely heavily on bulletproof hosting providers like Aeza Group to facilitate ransomware attacks, steal sensitive technologies, and sell illicit drugs,” he said.
Sanctioned entities include Aeza International Ltd. (UK), Aeza Logistic LLC, and Cloud Solutions LLC. Individuals named include CEO Arsenii Penzev, General Director Yurii Bozoyan, Technical Director Vladimir Gast, and part-owner Igor Knyazev. Penzev, who owns a third of Aeza Group, was previously arrested in Russia for hosting the illegal Blacksprut marketplace on Aeza’s infrastructure.
This move follows similar sanctions issued on February 11, 2025, against Zservers/XHost, another Russian bulletproof hosting provider. That action, taken jointly by the U.S., U.K., and Australia, targeted Zservers administrators Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov for supporting ransomware groups like LockBit.
Shortly afterward, Dutch authorities took down 127 servers tied to Zservers/XHost. The servers, located in Amsterdam, were found to have been used by high-profile cybercrime groups, including Conti and LockBit.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
