U.S. Imposes Sanctions on Four Russian-Linked Bulletproof Hosting Enterprises and Four Individuals for Facilitating Cybercriminal Operations
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on Aeza Group LLC, a Russian-based company accused of providing critical infrastructure services to cybercriminal activities worldwide, including fentanyl trafficking via darknet markets and connections to cryptocurrency exchanges processing illicit payments.
### Role in Fentanyl Trafficking and Darknet Markets
Aeza Group is said to have provided bulletproof hosting (BPH) services to BlackSprut, a large centralized Russian darknet marketplace with over $900 million in incoming funds. BlackSprut has been explicitly linked to the sale and distribution of fentanyl precursor chemicals and synthetic opioids destined for illegal drug markets, including the U.S. By hosting these marketplaces and related infrastructure, Aeza Group enabled the anonymous sale and shipment of narcotics, exacerbating the global drug trafficking crisis.
### Connections with Cybercriminal Groups
The sanctioned company is also accused of supporting ransomware groups such as BianLian, which extorted over $2 million in crypto ransoms, and infostealer malware operators like Meduza and Lumma that target sensitive sectors including U.S. defense and technology firms by harvesting personal data and credentials for resale on darknet markets.
### Cryptocurrency Exchange Links
OFAC designated a TRON blockchain crypto address associated with Aeza Group's illicit activities. This address functioned as an administrative wallet for Aeza’s crypto payment processing and reportedly received over $350,000. The address facilitated cash-outs and obfuscated the cryptocurrency flows tied to cybercrime payments. While the primary crypto address mentioned is on TRON, indirect connections have been reported with cryptocurrency exchanges like Bitpapa and Garantex, which have been implicated in enabling crypto payments and exchanges linked to illicit actors.
### Leadership and Entities Sanctioned
Four key individuals tied to Aeza Group were sanctioned, including CEO Arsenii Aleksandrovich Penzev, General Director Yurii Meruzhanovich Bozoyan, Technical Director Vladimir Vyacheslavovich Gast, and co-owner Igor Anatolyevich Knyazev. Besides Aeza Group LLC, affiliated companies including a UK-based front named Aeza International Ltd were also targeted.
The sanctions follow the February 2025 designation of the Russian BPH services Zservers. The Aeza Group's designation is part of ongoing efforts to disrupt criminal ecosystems that facilitate drug trafficking and cybercrimes.
- The elliptic flow of money in the cybercrime underworld has been traced to a TRON blockchain analytics, with a crypto address associated with Aeza Group's illicit activities reportedly receiving over $350,000.
- General-news outlets have reported connections between Aeza Group and crime-and-justice entities, including ransomware groups like BianLian and infostealer malware operators such as Meduza and Lumma.
- In addition to the central Russian darknet marketplace, BlackSprut, which Aeza Group allegedly hosted, and the fentanyl trafficking via darknet markets, recent news has also implicated Aeza Group with cryptocurrency exchanges like Bitpapa and Garantex, contributing to the general-news discourse about technology and cybersecurity.
