July 1, 2025
WASHINGTON Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating Aeza Group, a bulletproof hosting (BPH) services provider, for its role in supporting cybercriminal activity targeting victims in the United States and around the world. BPH service providers sell access to specialized servers and other computer infrastructure designed to help cybercriminals like ransomware actors, personal information stealers, and drug vendors evade detection and resist law enforcement attempts to disrupt their malicious activities. OFAC is also designating two affiliated companies and four individuals who are Aeza Group leaders. Finally, in coordination with the United Kingdom’s (UK) National Crime Agency (NCA), OFAC is designating an Aeza Group front company in the UK.

“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”

Today’s action is being taken pursuant to Executive Order (E.O.) 13694, as further amended, and builds on OFAC’s February action targeting ZServers BPH. Today’s action also reflects Treasury’s continued work to combat cybercrime and degrade the support networks that enable malicious actors to target U.S. citizens, technology, and critical industries.

AEZA GROUP: KEY TECHNICAL SUPPORT FOR RANSOMWARE GROUPS, CYBERCRIME, AND ILLICIT DRUGS
Aeza Group, headquartered in St. Petersburg, Russia, has provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, who have used the hosting service to target the U.S. defense industrial base and technology companies, among other victims globally. Infostealers are often used to harvest personal identifying information, passwords, and other sensitive credentials from compromised victims. These credentials are then often sold on darknet markets for profit, making infostealer operators a key piece of the cybercrime ecosystem.

Aeza Group has also hosted BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace for illicit drugs. Darknet drug marketplaces allow for the anonymous purchase and shipment of narcotics over the internet, making them a present and increasing contributor to drug trafficking to the United States and worldwide. According to Treasury’s Financial Crimes Enforcement Network (FinCEN) and its supplemental advisory on fentanyl, criminal organizations use darknet marketplaces to sell precursor chemicals and manufacturing equipment used for the synthesis of fentanyl and other synthetic opioids, as well as to traffic fentanyl and other narcotics into the United States.

OFAC is designating Aeza Group pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being responsible or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve causing a misappropriation of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.

Aeza International Ltd. is the United Kingdom branch of Aeza Group. Aeza Group uses Aeza International to lease IP addresses to cybercriminals, including Meduza infostealer operators.

Aeza Logistic LLC and Cloud Solutions LLC are Russia-based subsidiaries that are 100% owned by Aeza Group. Servers BPH. 

DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality.

What is DNS?
The Domain Name System (DNS) “translates” human-readable domain names into IP addresses and back, and is essential for accessing websites.

Most users use DNS resolver services provided by their internet service provider (because they are automatically configured) or a public DNS provider like Google or Cloudflare.

DNS4EU is meant to be a resilient, fast, reliable, secure, privacy-friendly and EU-based alternative for those.

The goal of DNS4EU
DNS4EU is an initiative co-funded by the European Union and supported by the European Union Agency for Cybersecurity (ENISA), though the service is expected to be commercialised, “since it has to be sustainable without operational costs from the EU after 2025.”

It is developed and managed by a consortium of private cybersecurity companies, CERTs, and academic institutions from 10 European Union countries, with Czech cybersecurity company Whalebone as its leader.

“The DNS4EU initiative aligns with the EU’s strategic goal of enhancing its digital autonomy by providing an alternative to the existing public DNS services provided by non-european entities,” says the group.

On May 29, 2025, SentinelOne experienced a global service disruption affecting multiple customer-facing services. During this period, customer endpoints remained protected, but security teams were unable to access the management console and related services, which significantly impacted their ability to manage their security operations and access important data. We apologize for the disruption caused by this service interruption.

The root cause of the disruption was a software flaw in an infrastructure control system that removed critical network routes, causing widespread loss of network connectivity within the SentinelOne platform. It was not a security-related event. The majority of SentinelOne services experienced full or partial downtime due to this sudden loss of network connectivity to critical components in all regions.

We’d like to assure our commercial customers that their endpoints were protected throughout the duration of the service disruption and that no SentinelOne security data was lost during the event. Protected endpoint systems themselves did not experience downtime due to this incident. A core design principle of the SentinelOne architecture is to ensure protection and prevention capabilities continue uninterrupted without constant cloud connectivity or human dependency for detection and response – even in the case of service interruptions, of any kind, including events like this one.

Bulletproof hosting services provide the infrastructure for cybercriminal activities, enabling criminals to evade legal constraints and are often used for malware, hacking attacks, fraudulent…

Un rapport longtemps tenu secret ne présente pas le Service de renseignement de la Confédération sous un jour favorable. Les espions suisses ont agi de manière illégale et très peu professionnelle: pendant des années, ils ont traqué des hackers sans autorisation.

Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.

Today we've published an open letter to online service providers operating in the UK about the increased risk of their platforms being used to stir up hatred, provoke violence and commit other offences under UK law, in the context of recent acts of violence in the UK.

The Toronto Police Service is making the public aware of 10 arrests made and 108 charges laid in a major SIM swap fraud investigation dubbed Project Disrupt.

On Thursday, August 1, 2024, Detective David Coffey, from the Financial Crimes Unit, and Detective Constable Michael Gow, from the Coordinated Cyber Center (C3), held a news conference about Project Disrupt.

The National Crime Agency has infiltrated a significant DDoS-for-hire service which has been responsible for tens of thousands of attacks every week across the globe.

The disruption targeting digitalstress.su, a criminal marketplace offering DDos capabilities, was made in partnership with the Police Service of Northern Ireland.

It comes after the PSNI arrested one of the site’s suspected controllers earlier this month.

A cohort of Russian-speaking hackers is demanding $50 million from a UK lab-services provider to end a ransomware attack that has paralyzed services at London hospitals for weeks, according to a representative for the group.
#Britain #Cancer #Ciaran #Europe #Government #Great #HEALTH #Kingdom #London #Martin #NATIONAL #Regulation #SERVICE #United #business #cybersecni #cybersecurity #technology

A previously discovered vulnerability affecting self-hosted Cisco Webex instances similarly affected the Webex cloud service.

Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.

In recent years, cybercriminals have become increasingly professional — fraudsters have consistently been improving their skills, making less crucial mistakes, and creating various “as-a-service” businesses to help lower-skilled threat actors launch scams and attacks, allowing the latter to run full cybercrime operations.

There are different types of cybercrime services that exist today, including malware-as-a-service, where cybercriminals develop and sell malware services to other malicious actors; the service also includes creating and spreading malware types such as ransomware on compromised hosts. Meanwhile, other services require the use of multiple social media accounts to be successfully carried out, such as misinformation, spamming, and malware propagation. Indeed, it’s not uncommon for cybercriminals to send thousands of spam messages using thousands of accounts on social media platforms. But how do they manage to automate all of it?

Apple released its first update to its new behavioural security protection in XProtect Behaviour Service on 8 August, and again on 1 September. Here are the details.

Check Point Research recently discovered three vulnerabilities in the “Microsoft Message Queuing” service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Tuesday update. The most severe of these, dubbed QueueJumper by CPR (CVE-2023-21554), is a critical vulnerability that could allow unauthorized attackers to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.

This latest release documents further extensive evidence of the establishment by local PRC Public Security authorities of at least 102 “Chinese Overseas Police Service Centers” in 53 countries around the world and how some of them have been partaking in the execution of "persuasions to return" operations. Patrol and Persuade (PDF) also documents the (silent) complicity of a number of host countries, instilling a further sense of fear into targeted communities and severely undermining the international rules-based order .

911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its…