OFAC Sanctions Russian “Bulletproof Host” Aeza Group: Linked to Ransomware, Infostealers & Darknet
Ddos 
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has officially sanctioned Aeza Group, a notorious bulletproof hosting (BPH) provider headquartered in St. Petersburg, Russia. The action targets Aeza’s vast support network of subsidiaries and executives who have enabled ransomware, infostealers, and darknet drug trafficking operations around the world.
“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Bradley T. Smith, Acting Under Secretary for Terrorism and Financial Intelligence.
Bulletproof hosting providers are the digital arms dealers of the cyber underworld. They offer infrastructure and services—servers, IPs, and anonymized access—tailored to evade law enforcement and takedown efforts. Aeza Group, Treasury said, knowingly hosted infrastructure for high-profile malware and ransomware groups, including:
- Meduza infostealer
- Lumma infostealer
- BianLian ransomware
- RedLine infostealer
- BlackSprut darknet marketplace
These tools were used to target the U.S. defense industrial base and technology sector, harvesting credentials and sensitive information that often ended up for sale on darknet markets.
“Aeza Group has provided BPH services to ransomware and malware groups… who have used the hosting service to target the U.S. defense industrial base and technology companies,” the press release states.
In a coordinated strike with the UK’s National Crime Agency (NCA), OFAC also sanctioned Aeza’s front company in the United Kingdom, Aeza International Ltd., which leased IP addresses to cybercriminals, helping disguise their activities as legitimate traffic.
Two additional Russia-based subsidiaries—Aeza Logistic LLC and Cloud Solutions LLC—were also sanctioned for acting as conduits for Aeza’s criminal clients.
“Aeza Group uses Aeza International to lease IP addresses to cybercriminals, including Meduza infostealer operators,” Treasury confirmed.
Four key Aeza Group executives were named and sanctioned:
- Arsenii Penzev (CEO, 33% owner) – Arrested in Russia for involvement in hosting Blacksprut, a major darknet drug marketplace.
- Yurii Bozoyan (General Director, 33% owner) – Managed Aeza’s finances and was also arrested for darknet links.
- Vladimir Gast (Technical Director) – Oversaw infrastructure and helped deploy illicit platforms like Blacksprut.
- Igor Knyazev (33% owner) – Currently managing operations during the absence of Penzev and Bozoyan.
OFAC stated that each was designated for being a leader or senior executive of Aeza Group, under Executive Orders 13694, 14144, and 14306—which target cyber-enabled threats to U.S. national security and financial stability.
The sanctions freeze all U.S.-based assets tied to Aeza Group, its subsidiaries, or its leaders, and prohibit all transactions involving U.S. persons or systems. Financial institutions and businesses that continue working with the sanctioned entities risk exposure to secondary sanctions, including asset seizure and legal penalties.
Donate