Article Details

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware. The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well as Aeza Logistic LLC, Cloud Solutions LLC, and four individuals linked to the company - It's worth noting that Penzev was arrested in early April 2025 on charges of leading a criminal organization and enabling large-scale drug trafficking by hosting BlackSprut, an illicit drugs marketplace on the dark web. Bozoyan and two other Aeza employees, Maxim Orel and Tatyana Zubova, were also detained. "Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. "Treasury, in close coordination with the U.K. and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem." BPH services have been godsend for threat actors as they are known to deliberately ignore abuse reports and law enforcement takedown requests. This makes them a resilient option for attackers to host their malicious infrastructure, including phishing sites, command-and-control (C2) servers, without any consequences. Headquartered in St. Petersburg, Aeza Group is accused of leasing its services to various ransomware and information stealer families, such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target U.S. defense industrial base and technology companies and other victims worldwide. What's more, a report published by Correctiv and Qurium last July detailed the use of Aeza's infrastructure by the pro-Russian influence operation dubbed Doppelganger. Another threat actor that has availed the services of Aeza is Void Rabisu, the Russia-aligned threat actor behind RomCom RAT. The development comes nearly five months after the Treasury sanctioned another Russia-based BPH service provider named Zservers for facilitating ransomware attacks, such as those orchestrated by the LockBit group. Last week, Qurium also linked a Russian web hosting and proxy provider named Biterika to distributed denial-of-service (DDoS) attacks against two Russian independent media outlets IStories and Verstka.