The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world.
The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well as Aeza Logistic LLC, Cloud Solutions LLC, and four individuals linked to the company –
- Arsenii Aleksandrovich Penzev, CEO and 33% owner of Aeza Group
- Yurii Meruzhanovich Bozoyan, general director and 33% owner of Aeza Group
- Vladimir Vyacheslavovich Gast, technical director who works closely with Penzev and Bozoyan
- Igor Anatolyevich Knyazev, 33% owner of Aeza Group who manages the operations in the absence of Penzev and Bozoyan
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
It’s worth noting that Penzev was arrested in early April 2025 on charges of leading a criminal organization and enabling large-scale drug trafficking by hosting BlackSprut, an illicit drugs marketplace on the dark web. Bozoyan and two other Aeza employees, Maxim Orel and Tatyana Zubova, were also detained.
“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.
“Treasury, in close coordination with the U.K. and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”
BPH services have been godsend for threat actors as they are known to deliberately ignore abuse reports and law enforcement takedown requests. This makes them a resilient option for attackers to host their malicious infrastructure, including phishing sites, command-and-control (C2) servers, without any consequences.
Headquartered in St. Petersburg, Aeza Group is accused of leasing its services to various ransomware and information stealer families, such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target U.S. defense industrial base and technology companies and other victims worldwide.
What’s more, a report published by Correctiv and Qurium last July detailed the use of Aeza’s infrastructure by the pro-Russian influence operation dubbed Doppelganger. Another threat actor that has availed the services of Aeza is Void Rabisu, the Russia-aligned threat actor behind RomCom RAT.
The development comes nearly five months after the Treasury sanctioned another Russia-based BPH service provider named Zservers for facilitating ransomware attacks, such as those orchestrated by the LockBit group.
Last week, Qurium also linked a Russian web hosting and proxy provider named Biterika to distributed denial-of-service (DDoS) attacks against two Russian independent media outlets IStories and Verstka.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Vercel’s v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale