Jul 02, 2025Ravie LakshmananCybercrime / Darkish Internet
The U.S. Division of the Treasury’s Workplace of Overseas Belongings Management (OFAC) has levied sanctions towards Russia-based bulletproof internet hosting (BPH) service supplier Aeza Group to help menace actors of their malicious actions and focusing on victims within the nation and internationally.
The sanctions additionally prolong to its subsidiaries Aeza Worldwide Ltd., the U.Okay. department of Aeza Group, in addition to Aeza Logistic LLC, Cloud Options LLC, and 4 people linked to the corporate –
Arsenii Aleksandrovich Penzev, CEO and 33% proprietor of Aeza Group
Yurii Meruzhanovich Bozoyan, common director and 33% proprietor of Aeza Group
Vladimir Vyacheslavovich Gast, technical director who works intently with Penzev and Bozoyan
Igor Anatolyevich Knyazev, 33% proprietor of Aeza Group who manages the operations within the absence of Penzev and Bozoyan
It is value noting that Penzev was arrested in early April 2025 on prices of main a legal group and enabling large-scale drug trafficking by internet hosting BlackSprut, a bootleg medicine market on the darkish net. Bozoyan and two different Aeza staff, Maxim Orel and Tatyana Zubova, had been additionally detained.
“Cybercriminals proceed to rely closely on BPH service suppliers like Aeza Group to facilitate disruptive ransomware assaults, steal U.S. expertise, and promote black-market medicine,” stated Appearing Beneath Secretary of the Treasury for Terrorism and Monetary Intelligence Bradley T. Smith.
“Treasury, in shut coordination with the U.Okay. and our different worldwide companions, stays resolved to show the crucial nodes, infrastructure, and people that underpin this legal ecosystem.”
BPH companies have been godsend for menace actors as they’re recognized to intentionally ignore abuse reviews and regulation enforcement takedown requests, typically working in nations with weak enforcement or deliberately imprecise authorized requirements. This makes them a resilient possibility for attackers to host their malicious infrastructure, together with phishing websites and command-and-control (C2) servers, with out disruption or penalties.
Headquartered in St. Petersburg, Aeza Group is accused of leasing its companies to varied ransomware and knowledge stealer households, similar to BianLian, RedLine, Meduza, and Lumma, a few of which have been used to focus on U.S. protection industrial base and expertise corporations and different victims worldwide.
What’s extra, a report printed by Correctiv and Qurium final July detailed using Aeza’s infrastructure by the pro-Russian affect operation dubbed Doppelganger. One other menace actor that has availed the companies of Aeza is Void Rabisu, the Russia-aligned menace actor behind RomCom RAT.
The event comes practically 5 months after the Treasury sanctioned one other Russia-based BPH service supplier named Zservers for facilitating ransomware assaults, similar to these orchestrated by the LockBit group.
Final week, Qurium additionally linked a Russian hosting and proxy supplier named Biterika to distributed denial-of-service (DDoS) assaults towards two Russian impartial media retailers IStories and Verstka.These sanctions kind a part of a broader effort to dismantle the ransomware provide chain by focusing on crucial enablers like malicious internet hosting, C2 servers, and darkish net infrastructure. As menace actors shift techniques, monitoring sanctioned entities, IP popularity scores, and abuse-resilient networks is turning into central to trendy menace intelligence operations.
Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.
