Providing shelter for hackers and the dark web, Russian hosting provider Aeza Group has been fully sanctioned.


Original Title: "Russian Service Provider Aeza Group Behind Hackers, Dark Web, and Drug Markets Sanctioned"

Original Authors: Lisa, Liz, SlowMist Technology

Background

Recently, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced sanctions against Aeza Group, a Russia-based company, and its affiliated entities, on the grounds that the company provided hosting services for ransomware and information theft tools.

(https://home.treasury.gov/news/press-releases/sb0185)

The sanctions cover Aeza Group and its UK front company Aeza International Ltd., two Russian subsidiaries (Aeza Logistic LLC and Cloud Solutions LLC), four executives (CEO Arsenii Penzev, Director Yurii Bozoyan, Technical Director Vladimir Gast, and Manager Igor Knyazev), as well as a cryptocurrency wallet (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F).

"Cybercriminals continue to rely heavily on bulletproof hosting providers like Aeza Group to launch destructive ransomware attacks, steal U.S. technology, and sell drugs on the black market," said Bradley T. Smith, Acting Deputy Secretary for Terrorism and Financial Intelligence at the Treasury Department. "The Treasury will continue to work closely with the UK and other international partners to steadfastly expose the key nodes, infrastructure, and individuals that support this criminal ecosystem."

This sanction action marks a shift in international law enforcement's focus from the attackers themselves to the technological infrastructure and service providers behind them. This article will outline the background and operational model of Aeza Group, and analyze its role in the criminal ecosystem using the on-chain anti-money laundering and tracking tool MistTrack.

Who is Aeza Group?

(https://www.pcmag.com/news/us-sanctions-russian-web-hosting-provider-aeza-for-fueling-malware)

Aeza Group is a bulletproof hosting (BPH) service provider based in St. Petersburg, Russia, that has long provided dedicated servers and anonymous hosting services to ransomware gangs, information theft tool operators, and other cybercriminal groups involved in illegal drug trading platforms.

Its clients include notorious information theft tool operators such as Lumma and Meduza, which have targeted the U.S. defense industrial base and global tech companies; ransomware and data theft gangs BianLian and RedLine; as well as the well-known Russian dark web drug market Blacksprut. Aeza not only provides hosting services for Blacksprut but also participates in its technical architecture construction. According to OFAC disclosures, Blacksprut is widely used for the global distribution of fentanyl and other synthetic drugs, posing a severe threat to public safety.

MistTrack Analysis

According to analysis from the on-chain anti-money laundering and tracking platform MistTrack, the sanctioned address (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F) has been active since 2023 and has received over $350,000 in USDT.

MistTrack's analysis shows that this address interacts with the following entities:

  • Transfers assets to multiple well-known trading platforms/OTC, such as Cryptomus and WhiteBIT, for money laundering;
  • Associated with sanctioned entities like Garantex and Lumma;
  • Related to information theft-as-a-service platforms promoted on Telegram;
  • Associated with addresses related to the dark web drug market Blacksprut.

According to MistTrack's counterparty function analysis, the interaction proportions of this address are as follows:

Additionally, we found that on July 2, Aeza's Telegram was still active, with the administrator posting alternative links to prevent users from having trouble accessing the main site:

Upon investigation, the creation dates of these two alternative links coincided with the day OFAC announced sanctions against Aeza.

Conclusion

The sanctions against Aeza Group indicate that global regulation is shifting its focus from attackers to the technological service networks behind them. Hosting providers, anonymous communication tools, and payment channels are becoming new focal points for compliance enforcement. For businesses, trading platforms, and service providers, KYC/KYT is no longer optional; failing to avoid business associations with high-risk entities may lead to joint sanction risks.
