U.S. Treasury sanctions Russia-based bulletproof hosting provider for enabling cybercriminal activity

The U.S. Department of the Treasury announced yesterday a significant action against the cybercrime ecosystem, designating Aeza Group for its role in supporting malicious actors. The sanctions extend to two affiliated companies and four of the group's leaders.

The company provided infrastructure for ransomware gangs like BianLian and info-stealing malware operations such as Meduza and Lumma. These groups have been linked to attacks targeting the U.S. defense industrial base and technology companies worldwide. Info-stealers are used to harvest sensitive credentials and personal data, which are then often sold on darknet markets.

Furthermore, Aeza Group hosted BlackSprut, a major Russian darknet marketplace for illegal drugs. The Treasury noted that platforms like this play a significant role in trafficking fentanyl and other narcotics into the United States.

Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs. — Acting Under Secretary, Bradley T. Smith.

This action, coordinated with the United Kingdom’s National Crime Agency, blocks all property and interests in property of Aeza Group and its leadership within the United States. It also prohibits any U.S. persons or entities from engaging in transactions with them. The designated individuals include CEO Arsenii Penzev and General Director Yurii Bozoyan, who have been arrested by Russian authorities for their involvement with the BlackSprut marketplace.