US Treasury Sanctions Global Bulletproof Hosting Service Aeza Group For Enabling Cybercriminal Activity
Today (July 1, 2025), the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom’s National Crime Agency (NCA), imposed sanctions on the Russia-based bulletproof hosting provider (BPH), Aeza Group and four of its key leaders.
According to OFAC, Aeza Group has provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, who have used the hosting service to target US defense and technology companies, among other victims globally. Aeza Group also hosted the infamous Russian darknet marketplace, Blacksprut. Included in today’s designation was the UK-based front company for Aeza Group, Aeza International Limited, which is used to lease IP addresses to cyber criminals, according to the designation. The designation also included Aeza Logistic and Cloud Solutions, Russia-based, wholly owned subsidiaries of Aeza Group. Since the announcement of the designation, the websites associated with these companies have not been operational.
OFAC also listed four key individuals connected to Aeza: Arsenii Aleksandrovich Penzev, the CEO and 33% owner, Yurri Meruzhanovich Bozoyan, the general director and 33% owner, Vladimir Vyacheslavovich Gast, technical director, and Igor Anatolyevich Knyazev, the 33% owner of Aeza Group. According to OFAC, Gast was responsible for the internal network of Aeza Group and oversaw the technical details of placing Blacksprut on the Aeza Group infrastructure.
Penzev and Bozoyan have both been arrested by Russian law enforcement due to their involvement with Blacksprut. According to Telegram channels, Bozoyan and Penzev began to provide Blacksprut with services in 2023.
Today’s designation included one cryptocurrency address, which, according to TRM, has received over USD 350,000 in volume. The address shows regular cash-out points to global cryptocurrency exchanges and payment services providers, as well as connections through intermediary addresses to other cybercrime services, as well as the sanctioned cryptocurrency exchange Garantex.
.pptx.jpg)
Today’s designations underscore a continuing trend of growing focus by authorities on disrupting not just individual threat actors, but also the infrastructure that enables their operations. As cyber criminals continue to exploit hosting services and payment channels to scale their reach, enforcement actions like this aim to reduce the surface area of abuse. Aeza Group’s role in facilitating global cybercrime illustrates how infrastructure providers can serve as critical enablers—and potential pressure points—for law enforcement and regulators alike.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.