July 1, 2025
WASHINGTON Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating Aeza Group, a bulletproof hosting (BPH) services provider, for its role in supporting cybercriminal activity targeting victims in the United States and around the world. BPH service providers sell access to specialized servers and other computer infrastructure designed to help cybercriminals like ransomware actors, personal information stealers, and drug vendors evade detection and resist law enforcement attempts to disrupt their malicious activities. OFAC is also designating two affiliated companies and four individuals who are Aeza Group leaders. Finally, in coordination with the United Kingdom’s (UK) National Crime Agency (NCA), OFAC is designating an Aeza Group front company in the UK.
“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”
Today’s action is being taken pursuant to Executive Order (E.O.) 13694, as further amended, and builds on OFAC’s February action targeting ZServers BPH. Today’s action also reflects Treasury’s continued work to combat cybercrime and degrade the support networks that enable malicious actors to target U.S. citizens, technology, and critical industries.
AEZA GROUP: KEY TECHNICAL SUPPORT FOR RANSOMWARE GROUPS, CYBERCRIME, AND ILLICIT DRUGS
Aeza Group, headquartered in St. Petersburg, Russia, has provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, who have used the hosting service to target the U.S. defense industrial base and technology companies, among other victims globally. Infostealers are often used to harvest personal identifying information, passwords, and other sensitive credentials from compromised victims. These credentials are then often sold on darknet markets for profit, making infostealer operators a key piece of the cybercrime ecosystem.
Aeza Group has also hosted BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace for illicit drugs. Darknet drug marketplaces allow for the anonymous purchase and shipment of narcotics over the internet, making them a present and increasing contributor to drug trafficking to the United States and worldwide. According to Treasury’s Financial Crimes Enforcement Network (FinCEN) and its supplemental advisory on fentanyl, criminal organizations use darknet marketplaces to sell precursor chemicals and manufacturing equipment used for the synthesis of fentanyl and other synthetic opioids, as well as to traffic fentanyl and other narcotics into the United States.
OFAC is designating Aeza Group pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being responsible or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve causing a misappropriation of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.
Aeza International Ltd. is the United Kingdom branch of Aeza Group. Aeza Group uses Aeza International to lease IP addresses to cybercriminals, including Meduza infostealer operators.
Aeza Logistic LLC and Cloud Solutions LLC are Russia-based subsidiaries that are 100% owned by Aeza Group. Servers BPH.
In a sanctions package including more than 150 new measures, the British government said it was closing loopholes being exploited by the Kremlin.
A key Russian cybercrime syndicate responsible for aiding merciless ransomware attacks around the world has been targeted by new UK sanctions.
The Council imposed restrictive measures on three individuals involved in cyber-attacks against Estonia.
Russian companies have begun using bitcoin and other digital currencies in international payments following legislative changes that allowed such use in order to counter Western sanctions, Finance Minister Anton Siluanov said on Wednesday.
Sanctions have complicated Russia's trade with its major partners such as China or Turkey, as local banks are extremely cautious with Russia-related transactions to avoid scrutiny from Western regulators.
The United States exposes the identity of and imposes sanctions on two members of the Russian government-aligned hacktivist group.WASHINGTON — Today, the United States designated Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.
This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP).
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations.
#APT31 #China #Computer #Critical #InfoSec #Infrastructure #Sanctions #Security #USA
The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is
As the damage caused by ransomware and profits flowing to attackers reaches record levels, a panel of cybersecurity and policy experts reviewed what it might take
G7 is drafting a workaround to use frozen assets to rebuild Ukraine.
The United Kingdom and United States on Thursday sanctioned seven people connected to what officials have told The Record is a single network behind the Conti and Ryuk ransomware gangs as well as the Trickbot banking trojan.
The sanctions are described as the first major move of a “new campaign of concerted action” between Britain and the United States, and insiders say that further actions should be expected later this year.
Si les sanctions économiques contre la Russie ont un impact significatif, il en est autrement de celles imposées dans le domaine cyber.
