On July 1, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) service provider, for facilitating cybercriminal activities worldwide. This decisive action targets the infrastructure supporting ransomware operations, information-stealing malware, and darknet drug marketplaces that pose significant threats to U.S. national security and economic stability.
Aeza Group’s Role in Cybercrime
Headquartered in St. Petersburg, Russia, Aeza Group specialized in offering bulletproof hosting services designed to help cybercriminals evade detection and resist law enforcement efforts. Their infrastructure supported notorious ransomware groups, including BianLian operators, and hosted command-and-control (C2) panels for the Meduza and Lumma infostealers. These infostealers specifically targeted the U.S. defense industrial base and technology companies, harvesting personal identifying information, passwords, and sensitive credentials from victims. The stolen data was often sold on darknet markets, fueling a self-sustaining cybercrime ecosystem. ([compliancealliance.com](https://compliancealliance.com/news-events/entry/treasury-sanctions-global-bulletproof-hosting-service-enabling-cybercriminals-and-technology-theft/?utm_source=openai))
Additionally, Aeza Group hosted BlackSprut, a Russian darknet marketplace facilitating illicit drug trafficking, including fentanyl precursor chemicals and manufacturing equipment. This platform contributed to the proliferation of illegal drugs, exacerbating public health crises and undermining law enforcement efforts. ([compliancealliance.com](https://compliancealliance.com/news-events/entry/treasury-sanctions-global-bulletproof-hosting-service-enabling-cybercriminals-and-technology-theft/?utm_source=openai))
Sanctioned Individuals and Entities
OFAC designated four key individuals associated with Aeza Group under Executive Order 13694:
– Arsenii Aleksandrovich Penzev: CEO and 33% owner of Aeza Group.
– Yurii Meruzhanovich Bozoyan: General Director and 33% owner.
– Vladimir Vyacheslavovich Gast: Technical Director.
– Igor Anatolyevich Knyazev: 33% owner managing operations in the absence of Penzev and Bozoyan.
Both Penzev and Bozoyan were previously arrested by Russian authorities in April 2025 for their involvement in hosting the BlackSprut marketplace on Aeza Group’s infrastructure. ([thehackernews.com](https://thehackernews.com/2025/07/us-sanctions-russian-bulletproof.html?utm_source=openai))
In addition to these individuals, OFAC sanctioned three affiliated companies:
– Aeza International Ltd.: The UK branch of Aeza Group, serving as a front company to lease IP addresses to cybercriminals, including Meduza infostealer operators.
– Aeza Logistic LLC: A 100% owned Russian subsidiary.
– Cloud Solutions LLC: Another 100% owned Russian subsidiary.
These designations underscore the international scope of Aeza Group’s operations and the global nature of modern cybercrime infrastructure. ([compliancealliance.com](https://compliancealliance.com/news-events/entry/treasury-sanctions-global-bulletproof-hosting-service-enabling-cybercriminals-and-technology-theft/?utm_source=openai))
Financial Infrastructure and Cryptocurrency Involvement
OFAC’s sanctions also targeted a cryptocurrency address associated with Aeza Group: a TRON wallet identified as TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F. This wallet functioned as an administrative account, handling cash-outs from Aeza’s payment processor, forwarding funds to various exchanges, and occasionally receiving direct payments for Aeza’s services. On-chain analysis indicates that Aeza relied on a payment processor to receive payments for hosting services, thereby obscuring the traceability of customer deposits. The designated address received more than $350,000 in cryptocurrency, which was cashed out at various deposit addresses across multiple exchanges. ([chainalysis.com](https://www.chainalysis.com/blog/ofac-sanctions-aeza-group-bulletproof-hosting-crypto-payments-july-2025/?utm_source=openai))
Implications of the Sanctions
The sanctions block all U.S.-based property and interests of the designated entities and individuals, prohibiting American persons from conducting transactions with them. Financial institutions risk exposure to secondary sanctions for engaging with blocked persons. OFAC’s action was coordinated with the UK’s National Crime Agency, reflecting international cooperation in combating cybercrime infrastructure. ([compliancealliance.com](https://compliancealliance.com/news-events/entry/treasury-sanctions-global-bulletproof-hosting-service-enabling-cybercriminals-and-technology-theft/?utm_source=openai))
This move is part of a broader strategy to disrupt the infrastructure that enables large-scale cybercrime. By targeting bulletproof hosting providers like Aeza Group, the U.S. government aims to dismantle the supply chain that cybercriminals rely on, rather than solely pursuing individual threat actors after attacks have occurred. ([chainalysis.com](https://www.chainalysis.com/blog/ofac-sanctions-aeza-group-bulletproof-hosting-crypto-payments-july-2025/?utm_source=openai))
Broader Context and Previous Actions
The action against Aeza Group follows a series of coordinated efforts to combat cybercrime infrastructure. In February 2025, the U.S., UK, and Australia sanctioned Zservers, another Russia-based bulletproof hosting provider, for its role in supporting LockBit ransomware operations. These actions demonstrate a concerted international effort to target the critical nodes and individuals that underpin the cybercriminal ecosystem. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/?utm_source=openai))
Conclusion
The sanctions imposed on Aeza Group and its affiliates represent a significant step in the ongoing battle against cybercrime. By targeting the infrastructure that supports malicious activities, authorities aim to disrupt the operations of cybercriminals and protect global cybersecurity. This action underscores the importance of international cooperation in addressing the complex and evolving threats posed by cybercrime.
