On July 1, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Aeza Group, a Russia-based bulletproof hosting (BPH) services provider, for its role in facilitating cybercriminal activities targeting victims in the United States and globally. Bulletproof hosting providers like Aeza Group offer specialized servers and infrastructure designed to shield cybercriminals from law enforcement detection.
This designation, which also includes two affiliated companies, four individuals, and a U.K.-based front company, underscores the U.S. government’s ongoing efforts to disrupt the infrastructure enabling ransomware, data theft, and illicit drug trafficking.
Aeza Group’s use of cryptocurrency for payments further highlights the evolving intersection of cybercrime and digital assets, as detailed in a recent Chainalysis update.
BPH services create a safe haven for malicious actors, including ransomware operators, infostealer malware distributors, and darknet marketplaces.
Aeza Group, headquartered in St. Petersburg, Russia, has been linked to high-profile cybercrime operations, including the BianLian ransomware gang, RedLine and Lumma infostealer malware, and BlackSprut, a Russian darknet marketplace trafficking illicit drugs.
Additionally, Aeza has been associated with the pro-Kremlin disinformation campaign “Doppelgänger,” which targets audiences in Europe and the U.S.
OFAC’s sanctions target not only Aeza Group but also its subsidiaries, Aeza Logistic LLC and Cloud Solutions LLC, as well as Aeza International Ltd., a U.K.-based front company.
Four individuals—Arsenii Aleksandrovich Penzev (CEO and 33% owner), Yurii Meruzhanovich Bozoyan (general director and 33% owner), Vladimir Vyacheslavovich Gast (technical director), and Igor Anatolyevich Knyazev (33% owner)—were also designated for their leadership roles.
Notably, Russian authorities arrested Penzev, Bozoyan, and others in April 2025 for alleged involvement in illegal banking and hosting BlackSprut, though the U.K. front continued leasing IPs to cybercriminals until this sanction.
The sanctions freeze all U.S.-based assets of the designated entities and individuals, prohibiting U.S. persons from transacting with them.
Violations carry severe civil or criminal penalties, signaling the U.S. government’s commitment to dismantling cybercrime networks.
This action builds on prior OFAC sanctions, such as those against ZServers in February 2025, reflecting a consistent strategy to target BPH providers.
Chainalysis identified a crypto address associated with Aeza Group in the OFAC designation, used to facilitate payments for its illicit services.
There is reportedly a broader trend in crypto-related crime, where sanctioned entities are increasingly leveraging stablecoins and other digital assets to evade traditional financial controls.
In 2024, sanctioned entities received $15.8 billion in cryptocurrency, accounting for 39% of illicit crypto transactions, with Russia-based actors like Aeza Group exploiting platforms like Garantex, an OFAC-sanctioned exchange, for cash-outs.