U.S. Treasury Sanctions Bulletproof Hosting Firm Fueling Ransomware Campaigns

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sweeping sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) provider, for its pivotal role in enabling global cybercrime, including ransomware attacks, data theft, and illicit drug trafficking.

The action, announced Tuesday, targets Aeza Group’s international network, including affiliated companies in Russia and the United Kingdom, as well as four key leaders of the organization.

Aeza Group: The Backbone of Cybercrime Operations

Headquartered in St. Petersburg, Aeza Group has been identified as a critical infrastructure provider for some of the world’s most notorious cybercriminals.

The company’s servers and specialized infrastructure have supported ransomware groups such as BianLian, and infostealer operators including Meduza, RedLine, and Lumma.

These groups have targeted U.S. defense contractors, technology firms, and numerous victims worldwide, harvesting sensitive data and credentials that are later sold on darknet markets ...