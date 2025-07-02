The US Treasury has announced sanctions against Russian bulletproof hosting (BPH) provider Aeza Group for facilitating cyber-attacks against victims in America and across the world.

Aeza Group, which is headquartered in St. Petersburg, Russia, has provided BPH services to high-profile cybercrime-as-a-service providers. These include the Meduza, Lumma and RedLine infostealer operators and the BianLian ransomware-as-a-service group.

Its infrastructure has also hosted BlackSprut, a Russian darknet marketplace for illicit drugs, according to the Department of the Treasury.

The Treasury’s Office of Foreign Assets Control (OFAC) has also sanctioned two affiliated companies – Aeza Logistic LLC and Cloud Solutions LLC – and four individuals who are Aeza Group leaders.

These individuals include Aeza’s general director Yurii Meruzhanovich Bozoyan and technical director Vladimir Vyacheslavovich Gast.

Additionally, in coordination with UK authorities, OFAC has sanctioned an Aeza Group front company in the UK – Aeza International Ltd.

The sanctions mean that all property and interests owned by Aeza must be blocked and reported to OFAC, while civil or criminal penalties can be imposed on any individual who engage in transactions with the firm.

Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith, commented: “Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal US technology and sell black-market drugs.”

He added: “Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure and individuals that underpin this criminal ecosystem.”

In February 2025, the UK, US and Australia announced joint sanctions against another BPH service, Zservers, which has been used by the notorious ransomware-as-a-service outfit LockBit, among others.

The Emergence of Bulletproof Hosting

BPH services include providing access to specialized servers and other computer infrastructure.

These services assist cybercriminals such as ransomware actors, personal information stealers and drug vendors to evade detection and resist law enforcement attempts to disrupt their malicious activities.

Evasion techniques include consistently changing their autonomous system (AS) and IP address ranges – internet routing protocols used to identify a connected device and allow it to communicate with others within the network.

BPH providers are usually located in jurisdictions where international law enforcement has little reach, particularly Russia. This means that sanctions on such providers are likely to have limited impact.