US Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
The US Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group for assisting threat actors in their malicious activities and targeting victims in the country and across the world.

The sanctions also extend to its subsidiaries Aeza International Ltd., the UK branch of Aeza Group, as well as Aeza Logistic LLC, Cloud Solutions LLC, and four individuals linked to the company.

It's worth noting that Penzev was arrested in early April 2025 on charges of leading a criminal organization and enabling large-scale drug trafficking by hosting BlackSprut, an illicit drugs marketplace on the dark web. Bozoyan and two other Aeza employees, Maxim Orel and Tatyana Zubova, were also detained.

"Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal US technology, and sell black-market drugs," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.

"Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem."

BPH services have been a godsend for threat actors, as they are known to deliberately ignore abuse reports and law enforcement takedown requests, often operating in countries with weak enforcement or intentionally vague legal standards. This makes them a resilient option for attackers to host their malicious infrastructure, including phishing sites and command-and-control (C2) servers, without disruption or consequences.

Headquartered in St. Petersburg, Aeza Group is accused of leasing its services to various ransomware and information stealer families, such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target US defense industrial base and technology companies and other victims worldwide.

What's more, a report published by Correctiv and Qurium last July detailed the use of Aeza's infrastructure by the pro-Russian influence operation dubbed Doppelganger. Another threat actor that has availed itself of the services of Aeza is Void Rabisu, the Russia-aligned threat actor behind RomCom RAT.

According to Chainalysis, a TRON cryptocurrency address associated with Aeza Group has received more than $350,000 in crypto and cashed out at various deposit addresses at different exchanges. These deposit addresses have also received funds from a darknet vendor peddling a stealer malware, Garantex, and an escrow service used for selling items on a popular gaming platform.

"The designated address appears to function as an administrative wallet, handling cash-outs from the payment processor, forwarding funds to various exchanges, and occasionally receiving direct payments for Aeza's services," the company said.

The development comes nearly five months after the Treasury sanctioned another Russia-based BPH service provider named Zservers for facilitating ransomware attacks, such as those orchestrated by the LockBit group.

Last week, Qurium also linked a Russian web hosting and proxy provider named Biterika to distributed denial-of-service (DDoS) attacks against two Russian independent media outlets, IStories and Verstka.

These sanctions form part of a broader effort to dismantle the ransomware supply chain by targeting critical enablers like malicious hosting, C2 servers, and dark web infrastructure. As threat actors shift tactics, monitoring sanctioned entities, IP reputation scores, and abuse-resilient networks is becoming central to modern threat intelligence operations.