02.07.2025 17:57
The United States Treasury Department imposed sanctions on the Aeza Group, a Russia-based bulletproof hosting (BPH) provider, along with its leadership and a cryptocurrency wallet linked to its operations. This action, announced by the Office of Foreign Assets Control (OFAC) on Tuesday, targets Aeza for allegedly facilitating cybercriminal activities, including ransomware attacks and information theft. The sanctions aim to disrupt the group's ability to support these illicit operations by cutting off its access to the global financial system.
Specifically, Aeza is accused of providing specialized servers and other infrastructure to cybercriminals, enabling them to launch ransomware campaigns and steal sensitive data. Besides the Aeza Group itself and its executives, the sanctions also encompass a cryptocurrency wallet containing approximately $350,000 in digital assets, several affiliated companies based in Russia and the United Kingdom, and four Russian individuals implicated in the organization's management or ownership. This comprehensive approach seeks to dismantle the entire support network fueling Aeza’s activities.
According to Chainalysis, a blockchain analytics firm, the sanctioned cryptocurrency address, residing on the Tron blockchain, functioned as an administrative wallet for Aeza. This wallet managed the processing of payments received for Aeza's services, routing funds to various cryptocurrency exchanges while sometimes receiving direct payments. Chainalysis’s investigation revealed that Aeza employed a payment processor to obscure the origin of customer payments, hindering the traceability of transactions.
Further analysis by TRM Labs, another blockchain intelligence firm, unveiled additional connections between the sanctioned cryptocurrency address and other elements of the cybercrime ecosystem. The address showed regular cash-outs to payment processors and exhibited links, via intermediary addresses, to other cybercrime services and even the sanctioned Russian cryptocurrency exchange, Garantex. These findings underscore the interconnectedness of Aeza's operations within a broader network of malicious actors. The sanctions, therefore, represent a significant blow to this network, targeting not just Aeza itself but also key financial mechanisms supporting its illicit activities. OFAC alleges that Aeza supported ransomware and malware groups such as Meduza, Lumma, BianLian, RedLine, and BlackSprut.