US Authorities Impose Sanctions on Aeza Group Hosting and Its Operators

Red Dog Security

2 min read
US Authorities Impose Sanctions on Aeza Group Hosting and Its Operators

The U.S. Department of the Treasury has imposed sanctions on Aeza Group, a Russian-based “bulletproof” hosting provider, along with four of its top operators. According to U.S. officials, Aeza’s infrastructure was actively used by ransomware gangs, information-stealing malware operators, and darknet marketplaces.

Allegations and Sanctions

The sanctions were announced by the Office of Foreign Assets Control (OFAC), which stated that Aeza’s services enabled the digital operations of:

  • The BianLian ransomware group
  • RedLine stealer panels, a popular malware used to exfiltrate credentials and financial data
  • The BlackSprut darknet marketplace, which trafficked narcotics in the U.S. and abroad

What is "Bulletproof" Hosting?

Aeza Group is described as a "bulletproof" hosting provider, meaning it allegedly ignored abuse complaints and law enforcement requests, providing a safe haven for criminal activity such as malware distribution, phishing infrastructure, and illicit marketplaces.

Individuals Sanctioned

OFAC has also sanctioned four individuals identified as the primary operators of Aeza Group:

  • Arseniy Aleksandrovich Penzev – CEO and 33% owner
  • Yuri Meruzhanovich Bozoyan – General Director and 33% owner
  • Vladimir Vyacheslavovich Gast – Technical Director, known to have worked closely with Penzev and Bozoyan
  • Igor Anatolyevich Knyazev – 33% owner who reportedly managed operations in the absence of Penzev and Bozoyan

Entities Affected

In addition to personal sanctions, the Treasury froze the U.S.-based assets of the following affiliated entities:

  • Aeza International Ltd. (UK-based branch)
  • Aeza Logistic LLC
  • Cloud Solutions LLC

American companies are now prohibited from doing business with Aeza Group, its subsidiaries, or the named individuals.

Arrests in Russia and Additional Allegations

The sanctions come on the heels of reported arrests in April 2025, when Russian media announced the detentions of Bozoyan, Penzev, and several Aeza employees. According to reports, the individuals face charges related to illegal banking activity under Articles 172 and 210 of the Russian Criminal Code, which pertain to unlicensed financial operations and organized criminal groups.

Additional reporting from the Telegram channel Mash suggested a direct link between Aeza Group and BlackSprut, the darknet marketplace:

“All expenses for office rent, equipment, and hardware were covered by [Aeza Group]. The money was received through cryptocurrency wallets and divided among themselves,” Mash reported, citing unnamed sources.

Mash also claimed that BlackSprut operated on Aeza’s servers for more than two years, further substantiating OFAC’s case.

Why It Matters

This marks yet another escalation in the U.S. government’s ongoing efforts to disrupt cybercrime infrastructure at the hosting and service-provider level. The Aeza case highlights how technical enablers, not just malware operators, are increasingly being held accountable.

By targeting infrastructure providers that knowingly support cybercriminals, U.S. and allied authorities aim to dismantle the ecosystem that sustains ransomware, financial fraud, and darknet commerce.

Stay tuned for updates on international law enforcement efforts and the legal proceedings surrounding Aeza Group and its operators.

Read more