U.S. and U.K. sanction Russian tech firm linked to cyberattacks and fentanyl trade via darknet platforms.
The U.S. Department of the Treasury on Tuesday imposed sanctions on Russian technology company Aeza Group, accusing it of providing critical infrastructure to cybercriminals involved in ransomware attacks, data theft, and online drug trafficking.
The action, announced by the Treasury’s Office of Foreign Assets Control (OFAC), targets Aeza Group, three affiliated companies, and four senior leaders. It also includes a front company based in the United Kingdom, sanctioned in coordination with the U.K.’s National Crime Agency.
Based in St. Petersburg, Aeza Group operates as a bulletproof hosting provider—a type of service that offers cybercriminals resilient server infrastructure designed to evade law enforcement and takedown efforts. Treasury officials said Aeza’s infrastructure supported multiple malware and ransomware groups, including the operators behind the Meduza and Lumma infostealers, which have targeted U.S. defense contractors and technology firms.
Infostealers, which harvest personal data, passwords and credentials from victims’ devices, often serve as a gateway for further cybercrime. The stolen data is typically sold on darknet markets, forming a vital part of the global cybercrime economy.
Aeza also hosted infrastructure used by the BianLian ransomware group, RedLine malware panels, and BlackSprut, a Russian darknet marketplace used to buy and sell illicit drugs anonymously. According to the Treasury, such platforms are a growing contributor to narcotics trafficking into the United States, including the sale of fentanyl precursors and other synthetic opioids.
“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Bradley T. Smith, acting undersecretary for terrorism and financial intelligence. He said the action, taken in partnership with the U.K. and other allies, reflects Treasury’s effort to disrupt the core infrastructure and leadership behind cybercrime networks.
In addition to Aeza Group, the sanctions include Aeza International Ltd., a U.K.-based affiliate that leases IP addresses to cybercriminals, and two Russia-based subsidiaries, Aeza Logistic LLC and Cloud Solutions LLC. All three were designated for being owned or controlled by Aeza Group.
Four of the company’s top executives were also named. Arsenii Penzev, the CEO; Yurii Bozoyan, the general director; Vladimir Gast, the technical director; and Igor Knyazev, who is currently managing the company, were all sanctioned for their leadership roles and direct involvement in illicit operations.
As a result of the designations, all property and interests in property of the listed individuals and entities under U.S. jurisdiction are blocked, and Americans are generally prohibited from dealing with them. Treasury officials warned that both U.S. and foreign persons may face penalties for violations, which can be enforced even without intent.
The move follows a similar OFAC action in February against another bulletproof hosting provider and is part of a broader effort to dismantle the infrastructure enabling international cybercrime.
