To Shield Hackers and the Dark Web, Russian Hosting Provider Aeza Group Faces Comprehensive Sanctions


By: BlockBeats, 2025/07/10 06:29

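This article outlines Aeza Group's background and operating model and, drawing on analysis from the on-chain anti-money laundering and tracking tool MistTrack, reconstructs its role in the criminal ecosystem.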

Original Article Title: "Russian Service Provider Aeza Group Behind Hackers, Dark Web, and Drug Markets Sanctioned"
Original Article Authors: Lisa, Liz, SlowMist Technology


Background


Recently, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced sanctions on Russia-based Aeza Group and its affiliated entities, citing the company's provision of hosting services for ransomware and information-stealing tools.




The sanctions cover Aeza Group, its UK front company Aeza International Ltd., two Russian subsidiaries (Aeza Logistic LLC and Cloud Solutions LLC), four executives (CEO Arsenii Penzev, Director Yurii Bozoyan, CTO Vladimir Gast, and Manager Igor Knyazev), and a cryptocurrency wallet (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F).


"Cybercriminals continue to heavily rely on bulletproof hosting services like Aeza Group to carry out destructive ransomware attacks, steal U.S. technology, and sell black market drugs," said Deputy Assistant Secretary for Terrorist Financing and Financial Crimes Bradley T. Smith of the U.S. Department of the Treasury. "The Treasury Department will continue to closely cooperate with the UK and other international partners to steadfastly expose the key nodes, infrastructure, and individuals supporting this criminal ecosystem."


This sanctions action signals that international law enforcement agencies are shifting their focus from the attackers themselves to the underlying technical infrastructure and service providers. This article outlines Aeza Group's background and operating model and, drawing on analysis from the on-chain anti-money laundering and tracking tool MistTrack, reconstructs its role in the criminal ecosystem.


Who is Aeza Group?




Aeza Group is a bulletproof hosting (BPH) service provider based in St. Petersburg, Russia. It has long provided dedicated servers and anonymous hosting services to ransomware groups, infostealer operators, illicit drug trading platforms, and other cybercriminal organizations.


Its clients include notorious infostealer operators such as Lumma and Meduza, who have targeted the U.S. defense industrial base and global tech companies; ransomware and data theft groups BianLian and RedLine; and Russia's prominent dark web drug market Blacksprut. Aeza not only provides hosting services to Blacksprut but also participates in developing its technical infrastructure. According to OFAC disclosures, Blacksprut has been widely used for the global distribution of fentanyl and other synthetic drugs, posing a significant threat to public safety.


MistTrack Analysis


According to analysis by the on-chain anti-money laundering and tracking platform MistTrack, the sanctioned address (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F) has been active since 2023 and has received over $350,000 in USDT.




Based on MistTrack analysis, this address has interacted with the following entities:


· Transferred assets to multiple well-known exchanges/OTCs, such as Cryptomus and WhiteBIT, for fund laundering purposes;

· Associated with sanctioned entities such as Garantex and Lumma;

· Associated with addresses related to the dark web drug market Blacksprut.




Based on MistTrack's counterparties analysis, the interaction breakdown of this address is as follows:







Upon investigation, the creation timestamps of these two backup URLs coincidentally align with the day OFAC announced sanctions on Aeza.




Conclusion


The sanctions on Aeza Group demonstrate that global regulators are expanding the target of enforcement from attackers to their underlying technical service networks. Hosting providers, anonymous communication tools, and payment channels are becoming the new focus of compliance enforcement. For enterprises, exchanges, and service providers, KYC/AML is no longer optional. Business entities may face sanctions risk if they inadvertently engage with high-risk entities.

