Security Affairs

U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting

U.S. Treasury sanctions Russia-based Aeza Group and affiliates for aiding cybercriminals via bulletproof hosting services.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russia-based Aeza Group for aiding global cybercriminals via bulletproof hosting services.

A bulletproof hosting service is a type of internet hosting provider that knowingly allows cybercriminals to host malicious content or run illegal operations, and helps them stay online even when authorities try to shut them down.

Unlike regular hosting companies, bulletproof hosts often ignore abuse reports, turn a blind eye to illegal activity, or are even complicit in the crimes. These services might be used to host things like phishing websites, malware, ransomware operations, or underground marketplaces.

They’re called “bulletproof” because they’re designed to be resistant to takedowns, either by hiding behind layers of anonymity, operating in countries with weak enforcement, or constantly moving servers around.

Two affiliates, four leaders, and a UK front company were also designated, in coordination with the UK’s National Crime Agency. Aeza Group’s infrastructure was used by ransomware and malware groups, such as the Meduza and Lumma infostealer operators, as well as by data thieves and drug vendors, helping them evade detection and law enforcement.

“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”

The sanctions also target Aeza Group’s subsidiaries, Aeza International Ltd. (UK), Aeza Logistic LLC, and Cloud Solutions LLC, along with four key figures: CEO Arsenii Penzev, General Director Yurii Bozoyan, Technical Director Vladimir Gast, and part-owner Igor Knyazev. All are linked to managing or operating the cybercrime-supporting infrastructure.

Arsenii Penzev, CEO and 33% owner of Aeza Group, has ties to bulletproof hosting and illegal drug marketplaces. He was arrested in Russia for hosting the illicit Blacksprut marketplace on Aeza’s infrastructure.

On February 11, 2025, the US, UK, and Australia sanctioned another Russian bulletproof hosting services provider, Zservers/XHost, and two Russian administrators for supporting the Russian LockBit ransomware operations.

Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov are the two Russian nationals and administrators of Zservers.  

A few days later, Dutch police announced that they had taken offline 127 servers associated with the bulletproof hosting service Zservers/XHost. Law enforcement revealed that Zservers’ servers were in Amsterdam, and that cybercrime groups like Conti and LockBit used the platform.

Pierluigi Paganini