The United States Department of the Treasury has levied sanctions against the Russia-based bulletproof hosting service provider Aeza Group. The company is accused of assisting threat actors in their malicious activities and targeting victims in the US. These sanctions also extend to its subsidiaries, including Aeza International Ltd., which is the UK branch of Aeza Group. Four individuals linked to the company have also been sanctioned, including the CEO and other high-level company owners. This action is part of a broader effort to dismantle the ransomware supply chain by targeting critical enablers.
Cybercriminals continue to rely heavily on bulletproof hosting service providers like Aeza Group to facilitate their attacks. These services have been a godsend for threat actors because the providers are known to deliberately ignore abuse reports. The providers also ignore law enforcement takedown requests and often operate in countries with very weak legal enforcement standards. This makes them a resilient option for attackers who want to host malicious infrastructure without any major disruption. That infrastructure includes phishing sites, command-and-control servers, and other systems used to distribute malware to targets.
Aeza Group, headquartered in St. Petersburg, Russia, is accused of leasing its services to ransomware families. Those named include the notorious BianLian gang, along with the operators behind many different infostealing malware families. Some of these have been used to target US defense industrial base companies and other technology firms worldwide. The platform also helped BlackSprut, a long-running Russian darknet marketplace used to buy and sell illicit drugs. Cybersecurity researchers have also previously linked Aeza Group to a pro-Kremlin disinformation campaign known as Doppelgänger.
One of the sanctioned individuals is Arsenii Penzev, the CEO and a thirty-three percent owner of Aeza Group. Penzev was arrested in Russia in early April on charges of leading a criminal organization. He was also charged with enabling large-scale drug trafficking by hosting the illicit BlackSprut drug marketplace. Another sanctioned individual, Yurii Bozoyan, was detained in Russia alongside Penzev for his role in helping BlackSprut. These sanctions build upon the Treasury’s previous action in February, which sanctioned another Russian bulletproof hosting provider.