The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns.
The Treasury’s Office of Foreign Assets Control (OFAC) claims that Aeza’s services were utilized by the BianLian ransomware gang, for RedLine infostealer panels, and by BlackSprut, a Russian darknet marketplace that sold drugs to individuals in the United States and worldwide.
A bulletproof hosting service (BPH) is a company that deliberately ignores abuse complaints and law enforcement takedown requests, providing a safe environment for cybercriminals to host malware and conduct attacks.
Aeza was previously linked to a Russian disinformation campaign known as “Doppelgänger,” which cloned legitimate European and U.S. media sites to distribute propaganda targeting Western audiences.
OFAC has also sanctioned four individuals who the U.S. says are the primary operators of the Aeza Group:
- Arsenii Aleksandrovich Penzev (Penzev) is the CEO and 33% owner of Aeza Group.
- Yurii Meruzhanovich Bozoyan (Bozoyan) is the general director and 33% owner of Aeza Group.
- Vladimir Vyacheslavovich Gast (Gast) serves as the technical director for Aeza Group and collaborates closely with Penzev and Bozoyan.
- Igor Anatolyevich Knyazev (Knyazev) is a 33% owner of Aeza Group and manages the company in the absence of Penzev and Bozoyan.
All four individuals and related companies, Aeza International Ltd., Aeza Logistic LLC, and Cloud Solutions LLC, will now have their assets frozen in the U.S., and U.S. companies are prohibited from doing business with them or the Aeza Group.
Russian media previously reported that Bozoyan, Penzev, and other staff members were arrested in April for “illegal banking activities as part of an organized criminal group” and the hosting of the BlackSprut drugs marketplace.
The Treasury Department states that these sanctions build upon the agency’s previous action in February, which sanctioned the ZServers and Xhost bulletproof hosting providers used by the LockBit ransomware gang and other cybercriminals.