- The US Government has identified and sanctioned a Russia-associated BPH provider
- Britain’s national criminal agency helped identify a British front
- The sanctions may not affect Russian attackers
AEZA Group, a Russian bulletproof hosting provider, and four affiliated companies have been sanctioned by the US government to support ransomware and cybercrime marking the second time this year the United States has sanctioned bulletproof hosting providers.
Bulletproof Hosting (BPH) providers are web hosting companies that deliberately allow and facilitate illegal or malicious activities by ignoring requests for law enforcement and the AEZA group has been linked to a handful of known attacks.
The group specifically provided infrastructure for Ransomware Group Bianlian, which is assumed to operate from Russia, as well as infoTeal operations such as Meduza and Lumma.
Russian BPH provider received US sanctions
It is believed that Bianlian has targeted critical infrastructure in the United States as well as notable organizations such as Save the Children. Formerly known for ransomware -encryption, attackers began to focus on data filling and extortion in early 2024.
Apart from sanctioning the Russia-registered AEZA group, the United States has also sanctioned Aeza International, the group’s British affiliated company, with thanks to the United Kingdom’s national crime agency. Arsenii Aleksandrovich Penzev, Yurii Meruzhanovich Bozoyan and Igor Anatolyevich Knyazev are the three key surfaces associated with AEZA, each owning one third of the company.
“Treasury, in close coordination with the United Kingdom and our other international partners, remains resolved to postpone the critical nodes, infrastructure and individuals supporting this criminal ecosystem,” Bradley T Smith explained.
The sanctions mean that US companies have been forbidden to engage in the AEZA Group, but with the BPH provider who seems to attract a mostly Russian customer base, America’s sanctions are unlikely to have a meaningful influence on how Russian attackers use the bulletproof host.
“Violations of US sanctions may result in the introduction of civil or criminal sanctions for us and foreign persons,” a press release in the Treasury confirms.
In addition to tackling the BPH provider, US authorities also recently treated Lumma by seizing five Internet domains used for the information-stunning malware service.
