U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting

Pierluigi Paganini
July 02, 2025

U.S. Treasury sanctions Russia-based Aeza Group and affiliates for aiding cybercriminals via bulletproof hosting services.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russia-based Aeza Group for aiding global cybercriminals via bulletproof hosting services.

A bulletproof hosting service is a type of internet hosting provider that knowingly allows cybercriminals to host malicious content or run illegal operations, and helps them stay online even when authorities try to shut them down.

Unlike regular hosting companies, bulletproof hosts often ignore abuse reports, turn a blind eye to illegal activity, or are even complicit in the crimes. These services might be used to host things like phishing websites, malware, ransomware operations, or underground marketplaces.

They’re called “bulletproof” because they’re designed to be resistant to takedowns, either by hiding behind layers of anonymity, operating in countries with weak enforcement, or constantly moving servers around.

Two affiliates, four leaders, and a UK front company were also designated, in coordination with the UK’s National Crime Agency. Aeza Group’s infrastructure was used by ransomware and malware groups, such as the Meduza and Lumma infostealer operators, as well as by data thieves and drug vendors, helping them evade detection and law enforcement.

“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”

The sanctions also target Aeza Group’s subsidiaries, Aeza International Ltd. (UK), Aeza Logistic LLC, and Cloud Solutions LLC, along with four key figures: CEO Arsenii Penzev, General Director Yurii Bozoyan, Technical Director Vladimir Gast, and part-owner Igor Knyazev. All are linked to managing or operating the cybercrime-supporting infrastructure.

Arsenii Penzev, CEO and 33% owner of Aeza Group, has ties to bulletproof hosting and illegal drug marketplaces. He was arrested in Russia for hosting the illicit Blacksprut marketplace on Aeza’s infrastructure.

On February 11, 2025, the US, UK, and Australia sanctioned another Russian bulletproof hosting services provider, Zservers/XHost, and two Russian administrators because they supported the Russian LockBit ransomware operations.

Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov are the two Russian nationals and administrators of Zservers.

A few days later, Dutch police announced that they had taken offline 127 servers associated with the bulletproof hosting service Zservers/XHost. The police revealed that Zservers’ servers were in Amsterdam and that cybercrime groups like Conti and LockBit used the platform.
