Russian Hosting Provider Aeza Group Sanctioned for Aiding Hackers and Darknet Drug Markets

Jul 9, 2025

Author: Lisa & Liz
Editor: Liz

Background

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has recently announced sanctions against Aeza Group, a Russia-based company accused of providing hosting services to ransomware operators and information-stealing malware groups.

https://home.treasury.gov/news/press-releases/sb0185

The sanctions target not only Aeza Group, but also its UK-based front company Aeza International Ltd., two Russian subsidiaries (Aeza Logistic LLC and Cloud Solutions LLC), four key executives (CEO Arsenii Penzev, Director Yurii Bozoyan, CTO Vladimir Gast, and Administrator Igor Knyazev), as well as one cryptocurrency wallet address (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F).

“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”

This move signals a shift in international enforcement priorities — from targeting attackers themselves to dismantling the backend infrastructure that enables cybercrime. In this article, we’ll explore Aeza Group’s operations and their role in the cybercrime ecosystem, supported by blockchain intelligence analysis from MistTrack, an anti-money laundering and crypto-tracing platform.

Who Is Aeza Group?

https://www.pcmag.com/news/us-sanctions-russian-web-hosting-provider-aeza-for-fueling-malware

Aeza Group is a bulletproof hosting (BPH) provider headquartered in Saint Petersburg, Russia. The company has long been known for offering anonymous and resilient hosting infrastructure to cybercriminals, including ransomware gangs, infostealer operators, and illicit drug markets.

Notable clients include:

  • Infostealer groups like Lumma and Meduza, which have targeted the U.S. defense industrial base and global tech companies.
  • Ransomware and data-theft groups such as BianLian and RedLine.
  • The Russian darknet drug market Blacksprut, which Aeza not only hosted, but allegedly helped build technical infrastructure for.

According to OFAC, Blacksprut is widely used for the global distribution of fentanyl and synthetic drugs, posing a serious threat to public health and safety.

MistTrack Analysis

According to MistTrack, the wallet address under sanction (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F) has been active since 2023 and has received over $350,000 in USDT.

Further analysis shows interactions with the following entities:

  • Withdrawals to known centralized exchanges and OTC platforms such as Cryptomus and WhiteBIT, suggesting attempts to launder funds.
  • Links to other sanctioned entities, including Garantex and Lumma.
  • Ties to Stealer-as-a-Service platforms promoted on Telegram.
  • Associations with addresses related to Blacksprut.

MistTrack’s counterparty analysis reveals a significant concentration of interactions within these high-risk categories.

On July 2, one day after OFAC’s announcement, Aeza’s Telegram channel remained active, with administrators sharing alternate mirror links to help users access the platform.

Domain lookup shows these alternate sites were registered on the same day the sanctions were announced.

Conclusion

The sanctions against Aeza Group reflect a broader regulatory shift: from chasing individual attackers to disrupting the support infrastructure that powers cybercrime. Hosting providers, anonymized communication tools, and crypto payment rails are increasingly under scrutiny.

For businesses, exchanges, and service providers, KYC/KYT is no longer optional — failure to screen clients may result in secondary sanctions or reputational damage.

Future compliance will hinge on identifying not just who gets paid, but who provides the backend support — computing power, bandwidth, and anonymity — to cybercriminals.

Tools like MistTrack, developed by SlowMist, are playing an essential role in this fight. With a database covering over 300 million labeled addresses, 1,000+ entities, 500,000+ threat intelligence records, and 90 million+ risk addresses, MistTrack is helping compliance teams and investigators detect and block illicit flows, safeguard digital assets, and fight crypto-enabled crime.

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience, with the aim of becoming a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
