The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed comprehensive sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) services provider that enabled cybercriminal activities worldwide.
The action, announced July 1, 2025, targets the critical infrastructure supporting ransomware operations, infostealers, and darknet drug marketplaces that threaten U.S. national security and economic stability.
Summary
1. U.S. sanctions Russian Aeza Group for providing bulletproof hosting to ransomware operators and darknet drug markets.
2. Hosted major cyber threats including BianLian ransomware, Meduza/Lumma infostealers, and BlackSprut drug marketplace.
3. Four executives sanctioned including CEO and General Director previously arrested by Russian authorities.
4. All U.S. assets frozen and American transactions with sanctioned entities now prohibited.
Aeza Bulletproof Hosting Provider Seized
Aeza Group, headquartered in St. Petersburg, Russia, operated as a key enabler of malicious cyber activities by providing specialized hosting services designed to help cybercriminals evade detection and resist law enforcement disruption.
The company’s bulletproof hosting infrastructure supported notorious ransomware groups, including BianLian operators, and hosted command-and-control (C2) panels for the Meduza and Lumma infostealers, which specifically targeted the U.S. defense industrial base and technology companies.
The technical architecture provided by Aeza Group enabled these threat actors to maintain persistent access to compromised systems while harvesting personal identifying information, passwords, and sensitive credentials from victims.
These stolen credentials were subsequently monetized through darknet marketplaces, creating a self-sustaining cybercrime ecosystem.
Additionally, Aeza Group hosted BlackSprut, a Russian darknet marketplace facilitating illicit drug trafficking, including fentanyl precursor chemicals and manufacturing equipment.
OFAC designated four key individuals under Executive Order 13694: CEO Arsenii Aleksandrovich Penzev (33% owner), General Director Yurii Meruzhanovich Bozoyan (33% owner), Technical Director Vladimir Vyacheslavovich Gast, and Igor Anatolyevich Knyazev (33% owner).
Both Penzev and Bozoyan were previously arrested by Russian law enforcement for their involvement in hosting the BlackSprut marketplace on Aeza Group infrastructure.
Three affiliated companies were also sanctioned: Aeza International Ltd. (UK branch), along with Aeza Logistic LLC and Cloud Solutions LLC, both 100% owned Russian subsidiaries.
Aeza International served as a front company to lease IP addresses to cybercriminals, including Meduza infostealer operators, demonstrating the international scope of the operation.
Sanctions Against Aeza Group
The sanctions block all U.S.-based property and interests of designated entities and prohibit American persons from conducting transactions with them.
Financial institutions risk exposure to secondary sanctions for engaging with blocked persons. OFAC’s action was coordinated with the UK’s National Crime Agency, reflecting international cooperation in combating cybercrime infrastructure.
Under the 50% rule, any entity majority-owned by sanctioned persons is automatically blocked. Violations may result in civil or criminal penalties, with OFAC maintaining strict liability enforcement standards for sanctions violations.