The United States has imposed sanctions on the Russian hosting provider Aeza Group for supporting cybercrime

According to TechRadar, the U.S. Department of the Treasury has announced sanctions against the Russian company Aeza Group and its affiliated entities for facilitating cyberattacks and extortion. This marks the second time in 2024 that U.S. authorities have penalized hosting providers operating as bulletproof hosting services—providers that deliberately ignore complaints about their clients’ illegal activities.

Investigations found that Aeza Group provided technical infrastructure for at least three well-known cybercriminal operations: the BianLian ransomware group, and the Meduza and Lumma infostealer operations. According to investigators, BianLian targeted critical infrastructure in the U.S. and prominent humanitarian organizations, including Save The Children.

Sanctions also extend to Aeza’s affiliated entities in the United Kingdom, including Aeza International. According to U.S. authorities, Aeza is jointly owned by three Russian nationals: Arseniy Penzev, Yuriy Bozoyan, and Igor Knyazev, who each control equal shares of the company. The UK's National Crime Agency (NCA) assisted the U.S. in identifying affiliated entities within the UK.

“We will continue to identify key nodes, infrastructure, and individuals enabling the operation of the criminal ecosystem,” said Bradley Smith, Acting Deputy Secretary of the Treasury for Intelligence and Analysis.

American companies are now prohibited from conducting any business with Aeza Group. However, the sanctions are unlikely to significantly impact Aeza’s operations, as the majority of its clients are reportedly located in Russia or nearby jurisdictions.

In addition to targeting Aeza, U.S. authorities have also cracked down on specific cybercrime tools: five domains linked to the Lumma Stealer malware, used for stealing data, were recently seized.

Bulletproof hosting providers are companies that intentionally ignore complaints about illegal or malicious activity hosted on their servers. They are often used for phishing, virus distribution, botnets, or as platforms for cybercriminals.
 
