The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Aeza Group, a Russian-based bulletproof hosting service provider that has facilitated cybercriminal operations targeting American victims and organizations worldwide.
The coordinated action, conducted in partnership with the United Kingdom’s National Crime Agency, represents a significant escalation in efforts to dismantle the infrastructure supporting ransomware attacks, data theft operations, and illicit drug marketplaces.
Aeza Group, headquartered in St. Petersburg, Russia, has served as a critical enabler for numerous high-profile cybercriminal organizations by providing specialized hosting services designed to evade law enforcement detection.
The company has directly supported ransomware groups including BianLian, while hosting infrastructure for dangerous infostealer operations such as Meduza and Lumma, which have specifically targeted U.S. defense contractors and technology companies.
Beyond ransomware operations, Aeza Group has provided hosting services for RedLine infostealer panels, sophisticated tools used to harvest personal identifying information, passwords, and sensitive credentials from compromised systems.
These stolen credentials are frequently sold on darknet markets, creating a lucrative ecosystem that fuels further cybercriminal activity.
The company also hosted BlackSprut, a prominent Russian darknet marketplace specializing in illicit drug sales, including precursor chemicals used in fentanyl production.
The Treasury’s Financial Crimes Enforcement Network has identified darknet drug marketplaces as increasingly significant contributors to drug trafficking operations targeting the United States.
These platforms enable anonymous purchasing and shipping of narcotics, with criminal organizations using them to distribute both finished synthetic opioids and the equipment necessary for domestic production.
Company Structure Targeted
- Arsenii Aleksandrovich Penzev, CEO and 33 percent owner, was arrested by Russian law enforcement for placing the BlackSprut marketplace on Aeza Group infrastructure.
- Yurii Meruzhanovich Bozoyan, general director and fellow 33 percent owner, managed Aeza Group’s finances prior to facing similar arrests.
- Vladimir Vyacheslavovich Gast, technical director, oversaw the company’s internal network and supervised the technical deployment that enabled BlackSprut operations.
- Igor Anatolyevich Knyazev, the remaining 33 percent owner, has taken over management duties during Penzev and Bozoyan’s absence.
- Aeza International Ltd., the United Kingdom branch, is used to lease IP addresses to cybercriminals.
- Aeza Logistic LLC, a wholly owned Russian subsidiary, supports core infrastructure needs.
- Cloud Solutions LLC, another wholly owned Russian subsidiary, likewise underpins Aeza Group’s hosting operations.
Sanctions Implications
Under the imposed sanctions, all property and interests belonging to the designated individuals and entities within U.S. jurisdiction are now blocked and must be reported to OFAC.
The restrictions extend to any entities owned 50% or more by blocked persons, effectively freezing their assets and prohibiting U.S. persons from conducting transactions with them.
Acting Under Secretary Bradley T. Smith emphasized that the action reflects Treasury’s commitment to exposing critical infrastructure supporting cybercriminal ecosystems.
The sanctions were implemented under Executive Order 13694, targeting cyber-enabled activities that threaten U.S. national security, foreign policy, or economic stability.
Financial institutions and other entities risk exposure to sanctions for engaging with designated persons, with violations potentially resulting in both civil and criminal penalties under strict liability standards.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
