
US sanctions ‘bulletproof’ hosting provider Aeza for cybercrime ops


The United States Department of Treasury issued penalties against Russia-based hosting provider Aeza Group for supporting cybercrime operations.

According to Treasury officials, Aeza has been operating out of St. Petersburg as a bulletproof hosting (BPH) service that offers no-questions-asked access to servers for various unsavory activities.

The sanctions bar U.S. organizations from doing business with Aeza Group and make any U.S.-based assets from the company subject to seizure. That measure also applies in the UK, where it is alleged that the company maintained a front operation.

In addition to sanctions on the company itself, the Treasury Department said that it will impose personal sanctions on four people who either had an ownership stake in the company or had a hand in running its day-to-day operations.

Arsenii Aleksandrovich Penzev, Yurii Meruzhanovich Bozoyan and Igor Anatolyevich Knyazev were listed as the joint controlling partners of the Aeza Group operation, while Vladimir Vyacheslavovich Gast was named as the technical director of the operation.

“As a result of today’s action, all property and interests in property of the designated or blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to the Office of Foreign Assets Control,” the Treasury Department said.

“In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50% or more by one or more blocked persons are also blocked.”

The crew is alleged to provide the bare-metal infrastructure for a number of malware families, as well as a dark web market trafficking in illegal drugs.

Among the alleged clients of Aeza were the threat actors behind the Medusa and Lumma infostealer malware operations as well as the BianLian ransomware and RedLine infostealer.

Aeza is also alleged to be hosting BlackSprut, a Russian-based marketplace that trafficked drugs internationally.

U.S. officials said that the sanctions are part of an effort to take down the backbone of malware operations and illegal drug markets. By targeting bulletproof hosting providers, law enforcement officials are seeking to cripple threat actors who would otherwise prove difficult to identify and apprehend.

“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Bradley Smith, acting under secretary of the treasury for terrorism and financial intelligence.  

“Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
