The United States Treasury Department has taken action against the Russia-based Aeza Group and its affiliates due to their central role in cybercrime networks. On July 1, 2025, the Office of Foreign Assets Control (OFAC) added Aeza Group and its three subsidiaries to its sanctions list for providing “bulletproof hosting” (BPH) services. These services facilitate cryptocurrency-focused ransomware, phishing attacks, and dark market activities. OFAC also targeted Arsenii A. Penzev, Yurii M. Bozoyan, Vladimir V. Gast, and Igor A. Knyazev, who are integral to the company’s operations.
Impact on Cybercrime
Aeza Group has been instrumental in supporting cybercriminals who target victims globally with ransomware attacks. These criminals rely on BPH providers to launder cryptocurrency ransoms and steal U.S. technology. Treasury official Bradley T. Smith emphasized the ongoing threat posed by such providers and the necessity to counter these activities effectively.
The investigation revealed that Aeza’s TRON cryptocurrency address recorded transactions exceeding $350,000. This address has ties to the BlackSprut dark market, a platform with over $900 million in cryptocurrency inflows. BlackSprut is also implicated in the trade of fentanyl and other chemicals.
Aeza’s infrastructure supported ransomware operations such as the BianLian group, known for collecting over $2 million in ransoms, and identity theft operations like Meduza and Luma. OFAC stated that disrupting this network is a priority for U.S. cybersecurity. The sanctions aim to freeze the assets of the associated companies and individuals in the U.S. while prohibiting Americans from engaging with them.
Blocking Cryptocurrency Flows
The four directors placed on the sanction list hold significant shares in Aeza Group and are responsible for running its daily operations. The Treasury Department is determined to trace and obstruct the flow of cryptocurrency linked to all blacklisted wallets. The initiative sends a strong deterrent message to other platforms offering similar hosting services.
Experts note that while the sanctions may limit the ransomware groups’ hosting options, the global BPH market offers numerous alternatives, making complete solutions elusive. Cryptocurrency users are advised to adopt strong authentication, robust password management, and adhere to official guidelines. Caution is particularly advised against deals that appear “too good to be true.”
