The U.S. Division of the Treasury has sanctioned Russian internet hosting firm Aeza Group and 4 operators for allegedly appearing as a bulletproof internet hosting firm for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns.
The Treasury’s Workplace of Overseas Belongings Management (OFAC) claims that Aeza’s companies had been utilized by the BianLian ransomware gang, for RedLine infostealer panels, and by BlackSprut, a Russian darknet market that bought medicine to people in the USA and worldwide.
A bulletproof internet hosting service (BPH) is an organization that intentionally ignores abuse complaints and legislation enforcement takedown requests, offering a protected atmosphere for cybercriminals to host malware and conduct assaults.
Aeza was beforehand linked to a Russian disinformation marketing campaign generally known as “Doppelgänger,” which cloned professional European and U.S. media websites to distribute propaganda focusing on Western audiences.
OFAC has now sanctioned 4 people who the U.S. says are the first operators of the Aeza Group:
- Arsenii Aleksandrovich Penzev (Penzev) is the CEO and 33% proprietor of Aeza Group.
- Yurii Meruzhanovich Bozoyan (Bozoyan) is the final director and 33% proprietor of Aeza Group.
- Vladimir Vyacheslavovich Gast (Gast) serves because the technical director for Aeza Group and collaborates carefully with Penzev and Bozoyan.
- Igor Anatolyevich Knyazev (Knyazev) is the 33% proprietor of Aeza Group and manages the corporate within the absence of Penzev and Bozoyan.
All 4 people and associated corporations, Aeza Worldwide Ltd., Aeza Logistic LLC, and Cloud Options LLC, will now have their belongings frozen within the U.S., and U.S. corporations are prohibited from doing enterprise with them or the Aeza Group.
Russian media beforehand reported that Bozoyan, Penzev, and different workers members had been arrested in April for “unlawful banking actions as a part of an organized prison group” and the internet hosting of the BlackSprut medicine market.
The Treasury Division states that these sanctions construct upon the company’s earlier motion in February, which sanctioned the ZServers and Xhost bulletproof internet hosting suppliers utilized by the LockBit ransomware gang and different cybercriminals.
Whereas cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
