US sanctions Russian bulletproof hosting for supporting cybercrime

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Russia-based bulletproof hosting (BPH) provider Aeza Group, accusing the company of supporting cybercriminal operations and global threat actors.

The sanctions target Aeza Group’s parent entity, its subsidiaries, including the UK-based Aeza International Ltd., Aeza Logistic LLC, and Cloud Solutions LLC, and four individuals linked to the company’s leadership and operations.

Among those sanctioned are Arsenii Aleksandrovich Penzev, Aeza Group’s CEO and 33% owner; Yurii Meruzhanovich Bozoyan, general director and co-owner; Vladimir Vyacheslavovich Gast, the firm’s technical director; and Igor Anatolyevich Knyazev, another co-owner who oversees operations in the absence of the top leadership.

Penzev was arrested in April 2025 in Moscow on charges related to leading a criminal organization and facilitating large-scale drug trafficking by hosting the online drug store BlackSprut. Two employees, Maxim Orel and Tatyana Zubova, were detained along with Bozoyan.

Based in St. Petersburg, Aeza Group is accused of knowingly leasing infrastructure to cybercrime groups, including those behind ransomware and infostealer families such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target US defense contractors and tech companies.

According to previous reports, Aeza's infrastructure was also used by Doppelganger, a pro-Russian influence operation that spread Kremlin propaganda via clones of well-established news outlets such as Le Monde and the Guardian. Additionally, the Russia-aligned hacker group Nebulous Mantis (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), known for deploying the RomCom RAT, is believed to have used Aeza's services for hosting spear-phishing and command-and-control (C2) servers.

