US government cracks down on bulletproof hosting provider helping to prop up cybercrime gangs

  • The US government has identified and sanctioned a Russia-linked BPH provider
  • Britain's National Crime Agency helped identify a UK front
  • The sanctions might not affect Russian attackers

Aeza Group, a Russian bulletproof hosting provider, and four affiliates have been sanctioned by the US government for supporting ransomware and cybercrime, marking the second time this year the US has sanctioned bulletproof hosting providers.

Bulletproof hosting (BPH) providers are web hosting companies that knowingly allow and facilitate illicit or malicious activities by ignoring law enforcement requests, and Aeza Group has been linked to a handful of known attacks.

The group specifically provided infrastructure to ransomware group BianLian, which is believed to operate from Russia, as well as infostealer operations like Meduza and Lumma.

Russian BPH provider received US sanctions

It's believed that BianLian has targeted critical infrastructure in the US as well as notable organizations like Save The Children. Previously known for ransomware encryption, the attackers started focusing on data exfiltration and extortion in early 2024.

Apart from sanctioning the Russia-registered Aeza Group, the US has also sanctioned Aeza International, the group's UK affiliate, with help from the UK's National Crime Agency. Arsenii Aleksandrovich Penzev, Yurii Meruzhanovich Bozoyan and Igor Anatolyevich Knyazev are the three key faces associated with Aeza, each owning one-third of the company.

"Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem," acting Under Secretary for Terrorism and Financial Intelligence Bradley T Smith explained.

The sanctions mean that US companies have been prohibited from engaging with Aeza Group. However, with the BPH provider seemingly attracting a mostly Russian customer base, America's sanctions are unlikely to have a meaningful impact on how Russian attackers use the bulletproof host.

"Violations of US sanctions may result in the imposition of civil or criminal penalties on US and foreign persons," a Treasury press release confirms.

Besides tackling the BPH provider, US authorities also recently dealt with Lumma by seizing five internet domains used for the information-stealing malware service.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
