Russian Bulletproof Host Also Designated a Front Company in the UK
The United States cut a Russian provider of digital infrastructure to cybercriminal groups off from the U.S.-dominated international financial system, accusing St. Petersburg-based Aeza Group of hosting infostealers and ransomware operations.
The U.S. Department of Treasury described Aeza as a bulletproof hosting service that’s provided services to the Meduza and Lumma infostealers and hosting to ransomware groups BianLian and RedLine. It has also hosted the Russian-language BlackSprut darknet marketplace for illicit drugs, federal officials said Tuesday.
Bulletproof hosting servers are run by administrators who ask few questions and don’t respond to takedown requests or court orders. The United Kingdom in tandem with U.S. authorities designated Aeza Group as a front company, meaning companies with British business should be careful not to violate existing U.K. sanctions by doing business with it.
The U.S. Department of Treasury named Arsenii Aleksandrovich Penzev as the CEO and third-part owner of Aeza. Yurii Meruzhanovich Bozoyan is the general director and another third-part owner. Treasury also named Vladimir Vyascheslavovich Gast as the technical director, Igor Anatolyevich Knyazev as the final part owner and the acting manager “during the absence of Penzev and Bozoyan.”
Russian media reported in April that Moscow authorities from the Ministry of Interior arrested Bozoyan and Aeza Group employees for “creating a criminal community.” Telegram channel Mash reported authorities also arrested Penzev. Treasury confirmed that both men were arrested by Russian law enforcement.
Cybersecurity researchers have previously linked Aeza Group to Russia-based influence operations widely tracked as Doppelgänger (see: Russia Uses AI, Evasion Tactics in Disinformation Drive).
Today’s Treasury announcement follows sanctions instituted in February against Zservers, another Russian bulletproof hosting provider (see: Feds Sanction Russian Cybercrime Bulletproof Hosting Service).
Researchers from European non-profits Qurium and EUDisinfoLab said in July 2024 they traced Aeza Group infrastructure to the Moscow M9 data center, as well as two data centers in Frankfurt, from where the operation had access to upstream capacity from a Czech and a German data center provider.