WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating Aeza Group, a bulletproof hosting (BPH) services provider, for its role in supporting cybercriminal activity targeting victims in the United States and around the world. BPH service providers sell access to specialized servers and other computer infrastructure designed to help cybercriminals like ransomware actors, personal information stealers, and drug vendors evade detection and resist law enforcement attempts to disrupt their malicious activities. OFAC is also designating two affiliated companies and four individuals who are Aeza Group leaders. Finally, in coordination with the United Kingdom’s (UK) National Crime Agency (NCA), OFAC is designating an Aeza Group front company in the UK.
“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”
Today’s action is being taken pursuant to Executive Order (E.O.) 13694, as further amended, and builds on OFAC’s February action targeting ZServers BPH. Today’s action also reflects Treasury’s continued work to combat cybercrime and degrade the support networks that enable malicious actors to target U.S. citizens, technology, and critical industries.
AEZA GROUP: KEY TECHNICAL SUPPORT FOR RANSOMWARE GROUPS, CYBERCRIME, AND ILLICIT DRUGS
Aeza Group, headquartered in St. Petersburg, Russia, has provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, who have used the hosting service to target the U.S. defense industrial base and technology companies, among other victims globally. Infostealers are often used to harvest personal identifying information, passwords, and other sensitive credentials from compromised victims. These credentials are then often sold on darknet markets for profit, making infostealer operators a key piece of the cybercrime ecosystem.
Aeza Group has also hosted BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace for illicit drugs. Darknet drug marketplaces allow for the anonymous purchase and shipment of narcotics over the internet, making them a present and increasing contributor to drug trafficking to the United States and worldwide. According to Treasury’s Financial Crimes Enforcement Network (FinCEN) and its supplemental advisory on fentanyl, criminal organizations use darknet marketplaces to sell precursor chemicals and manufacturing equipment used for the synthesis of fentanyl and other synthetic opioids, as well as to traffic fentanyl and other narcotics into the United States.
OFAC is designating Aeza Group pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being responsible or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve causing a misappropriation of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.
Aeza International Ltd. is the United Kingdom branch of Aeza Group. Aeza Group uses Aeza International to lease IP addresses to cybercriminals, including Meduza infostealer operators.
Aeza Logistic LLC and Cloud Solutions LLC are Russia-based subsidiaries that are 100% owned by Aeza Group.
OFAC is designating Aeza International Ltd., Aeza Logistic LLC and Cloud Solutions LLC pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Aeza Group, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306.
KEY AEZA GROUP PERSONNEL
Arsenii Aleksandrovich Penzev (Penzev) is the CEO and 33% owner of Aeza Group. Penzev has been involved in multiple bulletproof hosting and illicit drug marketplace businesses and has been arrested by Russian law enforcement for his placement of illicit drug marketplace BlackSprut onto Aeza Group infrastructure.
Yurii Meruzhanovich Bozoyan (Bozoyan) is the general director and 33% owner of Aeza Group. Bozoyan helped manage the finances of Aeza Group and was similarly arrested for his involvement in BlackSprut.
Vladimir Vyacheslavovich Gast (Gast) is the technical director for Aeza Group and works closely with Penzev and Bozoyan. Gast manages Aeza Group’s internal network and oversaw the technical details of placing BlackSprut on Aeza Group infrastructure.
Igor Anatolyevich Knyazev (Knyazev) is a 33% owner of Aeza Group and is managing the company during the absence of Penzev and Bozoyan.
OFAC is designating Penzev, Bozoyan, Gast, and Knyazev pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being or having been a leader, official, senior executive officer, or member of the board of directors of Aeza Group.
SANCTIONS IMPLICATIONS
As a result of today’s action, all property and interests in property of the designated or blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked persons.
Violations of U.S. sanctions may result in the imposition of civil or criminal penalties on U.S. and foreign persons. OFAC may impose civil penalties for sanctions violations on a strict liability basis. OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. economic sanctions. In addition, financial institutions and other persons may risk exposure to sanctions for engaging in certain transactions or activities involving designated or otherwise blocked persons. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated or blocked person, or the receipt of any contribution or provision of funds, goods, or services from any such person.
The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, or to submit a request, please refer to OFAC’s guidance on Filing a Petition for Removal from an OFAC List.