The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Russia-based bulletproof hosting (BPH) provider Aeza Group, accusing the company of supporting cybercriminal operations and global threat actors.
The sanctions target Aeza Group’s parent entity, subsidiaries, including the UK-based Aeza International Ltd., Aeza Logistic LLC, and Cloud Solutions LLC, and four individuals linked to the company’s leadership and operations.
Among those sanctioned are Arsenii Aleksandrovich Penzev, Aeza Group’s CEO and 33% owner; Yurii Meruzhanovich Bozoyan, general director and co-owner; Vladimir Vyacheslavovich Gast, the firm’s technical director; and Igor Anatolyevich Knyazev, another co-owner who oversees operations in the absence of the top leadership.
Penzev was arrested in April 2025 in Moscow on charges related to leading a criminal organization and facilitating large-scale drug trafficking by hosting the online drug store BlackSprut. Along with Bozoyan were detained two employees, Maxim Orel and Tatyana Zubova.
Based in St. Petersburg, Aeza Group is accused of knowingly leasing infrastructure to cybercrime groups including ransomware and infostealer families such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target US defense contractors and tech companies.
According to previous reports, Aeza's infrastructure was also used by Doppelganger, a pro-Russian influence operation that spread Kremlin propaganda via clones of the well- established news outlets such as Le Monde and the Guardian. Additionally, the Russia-aligned hacker group Nebulous Mantis (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), known for deploying the RomCom RAT, is believed to have used Aeza's services for hosting spear-phishing and command-and-control (C2) servers.
