U.S. Treasury Sanctions Bulletproof Hosting Firm Linked to Ransomware Gangs

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sweeping sanctions on July 1, 2025, against Aeza Group, a Russia-based bulletproof hosting (BPH) provider, for facilitating a wide range of cybercriminal activities worldwide.

The move, coordinated with the United Kingdom’s National Crime Agency (NCA), also targets Aeza’s network of affiliated companies and four senior executives, underscoring a transatlantic effort to disrupt the infrastructure underpinning ransomware, data theft, and illicit online drug markets.

Sponsored

class="wp-block-heading">Bulletproof Hosting:

Bulletproof hosting is a specialized internet infrastructure service that provides cybercriminals with resilient servers and network resources designed to evade law enforcement and ignore abuse complaints.

Unlike legitimate hosting providers, BPH operators such as Aeza Group openly market their services on underground forums, promising to shield clients from takedown requests and legal scrutiny.

This infrastructure is critical for the operation of ransomware campaigns, phishing schemes, infostealer malware, and darknet marketplaces.

Aeza Group, headquartered in St. Petersburg, has been linked to major cybercrime groups, including the Meduza and Lumma infostealer operators, who have targeted U.S. defense contractors and technology companies.

Infostealers harvest sensitive data—such as passwords and personal identifiers—which are then sold on darknet markets, fueling further criminal activity.

Aeza also hosted infrastructure for the BianLian ransomware group, RedLine malware panels, and the notorious BlackSprut darknet marketplace, which is implicated in global narcotics trafficking, including fentanyl precursor sales.

Sanctions, Executive Orders, and Enforcement

The sanctions are enacted under Executive Order 13694, as amended by E.O. 14144 and E.O. 14306, which authorize the blocking of property and interests of individuals and entities engaged in significant malicious cyber-enabled activities threatening U.S. national security, economy, or foreign policy.

The designated entities include Aeza Group’s U.K. front company, Aeza International Ltd., and its Russian subsidiaries, Aeza Logistic LLC and Cloud Solutions LLC, all of which are accused of leasing IP addresses and infrastructure to cybercriminals.

The four sanctioned executives are:

• Arsenii Aleksandrovich Penzev (CEO, 33% owner)
• Yurii Meruzhanovich Bozoyan (General Director, 33% owner)
• Vladimir Vyacheslavovich Gast (Technical Director)
• Igor Anatolyevich Knyazev (33% owner, current manager)

All U.S.-based property and interests of these individuals and entities are now blocked, and U.S. persons are generally prohibited from transacting with them.

Violations may trigger civil or criminal penalties, even for foreign persons, under OFAC’s strict liability regime.

Technical and Financial Implications

Aeza Group’s designation highlights the critical role of network infrastructure, IP address leasing, and cryptocurrency payments (including a cited TRON address) in sustaining cybercriminal operations.

By targeting both the technical backbone and financial flows, the Treasury aims to disrupt the cybercrime-as-a-service ecosystem and deter future abuse of global internet infrastructure.

This action follows a series of similar crackdowns, reflecting the growing international consensus on the need to dismantle the technical and organizational enablers of large-scale cyber threats.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates

The post U.S. Treasury Sanctions Bulletproof Hosting Firm Linked to Ransomware Gangs appeared first on Cyber Security News.