U.S. Sanctions Crypto Wallet and Russia-Based Aeza Group for Supporting Cybercrime
The U.S. Treasury Department has imposed sanctions on Russian hosting service provider Aeza Group, several of its executives, and a crypto wallet holding $350,000, for allegedly facilitating ransomware operations and info-stealing malware campaigns.
Aeza Group Accused of Enabling Cybercriminal Infrastructure
According to the Office of Foreign Assets Control (OFAC), Aeza Group operated as a bulletproof hosting (BPH) service, offering specialized infrastructure that allowed cybercriminal groups to conduct illicit activities while evading detection. These services allegedly supported ransomware operations, info-stealer malware, and darknet marketplaces.
The sanctions also target four Russian nationals connected to Aeza’s leadership and several affiliated companies in Russia and the UK. Among those named are:
-
Arsenii Aleksandrovich Penzev (CEO and co-owner)
-
Yurii Meruzhanovich Bozoyan (General Director and co-owner)
-
Vladimir Vyacheslavovich Gast (Technical Director)
-
Igor Anatolyevich Knyazev (Co-owner and current operator following arrests)
Crypto Wallet Used for Cybercrime Payments
One of the primary targets of the sanctions is a Tron-based crypto address identified as Aeza’s administrative wallet. According to Chainalysis, this wallet:
-
Facilitated cash-outs from Aeza’s payment processor
-
Routed funds to crypto exchanges
-
Received direct payments for Aeza’s illegal services
Additional investigation by TRM Labs revealed that the wallet is connected to other cybercrime infrastructure, including the sanctioned Russian exchange Garantex, and made frequent transfers to payment service providers.
Ties to Infamous Malware and Darknet Operations
OFAC alleges Aeza provided infrastructure support to a variety of malicious entities, including:
-
Meduza and Lumma info-stealers
-
BianLian ransomware group
-
RedLine infostealer control panels
-
BlackSprut, a Russian darknet marketplace
Notably, Aeza’s executives Penzev and Bozoyan were reportedly arrested by Russian authorities earlier this year for their alleged involvement with BlackSprut.
Sanctions Implications and Law Enforcement Impact
With these sanctions in place, all U.S.-based assets tied to Aeza and the named individuals are frozen, and it becomes illegal for U.S. persons or entities to conduct business with them — with civil and criminal penalties for violations.
Blockchain analytics firms welcomed the move:
-
Chainalysis called it “a significant step” in attacking the cybercrime supply chain, not just individual attackers.
-
TRM Labs noted that targeting services like Aeza helps reduce the “surface area of abuse” and creates leverage points for international law enforcement.
Broader Context
This action follows a broader global effort to disrupt cybercrime infrastructure as losses from phishing, ransomware, and info-stealing malware continue to plague the crypto ecosystem. According to CertiK, such attacks have contributed heavily to the $2.1 billion in crypto thefts recorded so far in 2025.
The latest sanctions reaffirm the U.S. government’s strategy of targeting enablers, not just attackers, in the ongoing battle against large-scale cyber threats.
