Federal authorities levied sanctions Tuesday on Aeza Group, a bulletproof hosting service provider based in Russia, for allegedly supporting a broad swath of ransomware, malware and infostealer operators.

Aeza Group has provided servers and specialized infrastructure to the Meduza, RedLine and Lumma infostealer operators, BianLian ransomware and BlackSprut, a Russian marketplace for illicit drugs, according to the Treasury Department’s Office of Foreign Assets Control. Lumma infected about 10 million systems before it was dismantled through a coordinated global takedown in May.

The Treasury Department’s action against Aeza Group follows a wave of cybercrime crackdowns across the globe. Prolific cybercriminals have been arrested, and infostealers, malware loaders, counter-antivirus and crypting services, cybercrime marketplaces, ransomware infrastructure and DDoS-for-hire operations have all been seized, taken offline or severely disrupted by globally coordinated campaigns since May.

Officials accused Aeza Group of helping cybercriminals target U.S. defense companies and technology vendors.

“Cybercriminals continue to rely heavily on bulletproof hosting service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology and sell black-market drugs,” Bradley T. Smith, the Treasury Department’s acting under secretary for terrorism and financial intelligence, said in a statement. 

The Treasury Department sanctioned four people for their involvement in Aeza Group, including two part owners — Asenii Aleksandrovich Penzev and Yurii Meruzhanovich Bozoyan — who were previously arrested by Russian law enforcement for their alleged involvement in BlackSprut, authorities said. Igor Anatolyevich Knyazev, another part owner of Aeza Group, and Vladimir Vyacheslavovich Gast were also sanctioned for their leadership positions in the criminal enterprise.

Authorities also imposed sanctions on Aeza Group-affiliated companies, including United Kingdom-based Aeza International and Russia-based subsidiaries Aeza Logistic and Cloud Solutions. 

The sanctions imposed on Aeza Group and its leaders are a follow-on to February’s globally coordinated sanctions against Zservers, a Russia-based bulletproof hosting provider that allegedly supported the LockBit ransomware-as-a-service group.

“Treasury, in close coordination with the U.K. and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem,” Smith said.

The post US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations appeared first on CyberScoop.
