“`html
The US Treasury has penalized the Russia-based Aeza Group, along with its leadership and a crypto wallet associated with the organization, for purportedly facilitating ransomware and information stealers.
Aeza Group, a bulletproof hosting (BPH) services provider, allegedly markets access to tailored servers and additional computer infrastructure to assist cyber offenders in executing ransomware operations and acquiring sensitive data, the Treasury’s Office of Foreign Assets Control (OFAC) announced on Tuesday.
OFAC’s penalties also encompass an address holding $350,000 in cryptocurrency, several companies based in Russia and the UK, and four Russian individuals who are reportedly co-owners or executives at Aeza.
Crypto users are repeatedly targeted with ransomware and other data stealers, with blockchain security entity CertiK attributing the majority of the $2.1 billion in stolen cryptocurrency for 2025 thus far to phishing attempts that compromise sensitive information such as crypto wallet keys.
Aeza crypto address was an administrative wallet
OFAC sanctioned a Tron blockchain address recognized as an administrative wallet, managing cash-outs from Aeza’s payment processor, routing funds to various crypto exchanges and intermittently receiving direct payments for Aeza’s services, blockchain analytics enterprise Chainalysis stated on Tuesday.
“On-chain investigations and further research suggest that Aeza depended on a payment processor to receive funds for hosting services, thereby obscuring the traceability of customer deposits,” the firm added.
Blockchain intelligence agency TRM Labs noted on Tuesday that the crypto address also maintained regular cash-out connections to payment service providers and is linked via intermediary addresses to other cybercriminal services and the sanctioned Russian crypto exchange Garantex.
OFAC alleged that Aeza Group, located in St. Petersburg, supplied BPH services to ransomware and malware organizations including the Meduza and Lumma infostealer operators, BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace.
Aeza’s board of directors sanctioned
OFAC further sanctioned individuals it identified as members of Aeza’s “board of directors,” which includes CEO and part owner Arsenii Aleksandrovich Penzev, general director and part owner Yurii Meruzhanovich Bozoyan, technical director Vladimir Vyacheslavovich Gast, and Igor Anatolyevich Knyazev, another part owner.
It asserted that Knyazev is overseeing the operations following the arrests of Penzev and Bozoyan by Russian authorities concerning their alleged ties to the illicit dark marketplace Blacksprut.
The sanctions imply that all US assets tied to Aeza and the individuals specified are frozen. Engaging in any financial transactions or business dealings with them is also prohibited under threat of civil and criminal repercussions.
Related: US, UK, Australia sanction Zservers for hosting crypto ransomware LockBit
Global law enforcement targeting cybercrime infrastructure
Chainalysis indicated that OFAC’s sanctions signify “another crucial step” in addressing fundamental cybercrime infrastructure.
“By sanctioning bulletproof hosting providers, the US government is undermining the supply chain that enables widespread cybercrime, focusing on the underlying support rather than merely pursuing individual threat actors after incidents occur,” the firm remarked.
In the meantime, TRM Labs emphasized that dismantling operations like Aeza’s diminishes the “surface area of exploitation” and creates “potential pressure points” for law enforcement to target in the ongoing conflict against cybercrime.
Magazine: Coinbase hack reveals the law probably won’t safeguard you: Here’s why
Source link
“`
