{"id":7772,"date":"2025-07-01T13:30:55","date_gmt":"2025-07-01T18:30:55","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85044"},"modified":"2025-07-01T13:30:55","modified_gmt":"2025-07-01T18:30:55","slug":"us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/07\/01\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations\/","title":{"rendered":"US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations"},"content":{"rendered":" US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop<\/title> <meta name=\"description\" content=\"Russia-based Aeza Group allegedly provided infrastructure to BianLian ransomware and the Meduza, RedLine and Lumma infostealer operators.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/bulletproof-hosting-provider-aezagroup-sanctions\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations\"> <meta property=\"og:description\" content=\"Russia-based Aeza Group allegedly provided infrastructure to BianLian ransomware and the Meduza, RedLine and Lumma infostealer operators.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/bulletproof-hosting-provider-aezagroup-sanctions\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-07-01T18:30:55+00:00\"> <meta property=\"article:modified_time\" content=\"2025-07-01T18:35:01+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg\"> <meta property=\"og:image:width\" content=\"2048\"> <meta property=\"og:image:height\" content=\"1152\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1750115417g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1748220166g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85044\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85044\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbulletproof-hosting-provider-aezagroup-sanctions%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbulletproof-hosting-provider-aezagroup-sanctions%2F&format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85044 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/bulletproof-hosting-provider-aezagroup-sanctions\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.758620689655\">\n<div class=\"single-article__header-content\" readability=\"35.242280285036\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/bulletproof-hosting-provider-aezagroup-sanctions\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Russia-based Aeza Group allegedly provided infrastructure to BianLian ransomware and the Meduza, RedLine and Lumma infostealer operators. <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85044\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-2.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (wikicommons) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"31.180266579974\"><body readability=\"63.230769230769\"><\/p>\n<p>Federal authorities <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/sb0185\">levied sanctions Tuesday on Aeza Group<\/a>, a bulletproof hosting service provider based in Russia, for allegedly supporting a broad swath of ransomware, malware and infostealer operators.<\/p>\n<p>Aeza Group has provided servers and specialized infrastructure to the Meduza, RedLine and Lumma infostealer operators, BianLian ransomware and BlackSprut, a Russian marketplace for illicit drugs, according to the Treasury Department\u2019s Office of Foreign Assets Control. Lumma <a href=\"https:\/\/cyberscoop.com\/lumma-infostealer-widespread-victims\/\">infected about 10 million systems<\/a> before it was dismantled through a coordinated global takedown in May.<\/p>\n<p>The Treasury Department\u2019s action against Aeza Group follows a <a href=\"https:\/\/cyberscoop.com\/cybercrime-crackdown-operation-endgame-operation-secure\/\">wave of cybercrime crackdowns<\/a> across the globe. Prolific cybercriminals have been arrested, and infostealers, malware loaders, counter antivirus and crypting services, cybercrime marketplaces, ransomware infrastructure and DDoS-for-hire operations have all been seized, taken offline or severely disrupted by global coordinated campaigns since May.<\/p>\n<p>Officials accused Aeza Group of helping cybercriminals target U.S. defense companies and technology vendors.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cCybercriminals continue to rely heavily on bulletproof hosting service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology and sell black-market drugs,\u201d Bradley T. Smith, the Treasury Department\u2019s acting under secretary for terrorism and financial intelligence, said in a statement. <\/p>\n<p>The Treasury Department sanctioned four people for their involvement in Aeza Group, including two part owners \u2014 Asenii Aleksandrovich Penzev and Yurii Meruzhanovich Bozoyan \u2014 who were previously arrested by Russian law enforcement for their alleged involvement in BlackSprut, authorities said. Igor Anatolyevich Knyazev, another part owner of Aeza Group, and Vladimir Vyacheslavovich Gast were also sanctioned for their leadership positions in the criminal enterprise.<\/p>\n<p>Authorities also imposed sanctions on Aeza Group-affiliated companies, including United Kingdom-based Aeza International and Russia-based subsidiaries Aeza Logistic and Cloud Solutions. <\/p>\n<p>The sanctions imposed on Aeza Group and its leaders were a follow-on effort, marking a continuation of February\u2019s <a href=\"https:\/\/cyberscoop.com\/zservers-bulletproof-hosting-sanctions-lockbit-ransomware\/\">globally coordinated sanctions against Zservers<\/a>, a Russia-based bulletproof hosting provider that allegedly supported the LockBit ransomware-as-a-service group.<\/p>\n<p>\u201cTreasury, in close coordination with the U.K. and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem,\u201d Smith said.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.8571428571429\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/us-sanctions-bulletproof-hosting-provider-for-supporting-ransomware-infostealer-operations-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/bulletproof-hosting-provider-aezagroup-sanctions\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,3914,46,270,1271,509],"tags":[286,86,3918,54,276,1274,511],"class_list":["post-7772","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-infostealers","category-ransomware","category-russia","category-sanctions","category-treasury-department","tag-cybercrime","tag-cybersecurity","tag-infostealers","tag-ransomware","tag-russia","tag-sanctions","tag-treasury-department"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/infostealers\/\" rel=\"category tag\">infostealers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sanctions\/\" rel=\"category tag\">sanctions<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/treasury-department\/\" rel=\"category tag\">Treasury Department<\/a>","tag_info":"Treasury Department","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7772"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7772\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}