The U.S. Division of the Treasury has sanctioned Russian internet hosting firm Aeza Group and 4 operators for allegedly performing as a bulletproof internet hosting firm for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns.
The Treasury’s Workplace of Overseas Property Management (OFAC) claims that Aeza’s companies have been utilized by the BianLian ransomware gang, for RedLine infostealer panels, and by BlackSprut, a Russian darknet market that bought medication to people in the USA and worldwide.
A bulletproof internet hosting service (BPH) is an organization that intentionally ignores abuse complaints and legislation enforcement takedown requests, offering a secure setting for cybercriminals to host malware and conduct assaults.
Aeza was beforehand linked to a Russian disinformation marketing campaign often called “Doppelgänger,” which cloned respectable European and U.S. media websites to distribute propaganda concentrating on Western audiences.
OFAC has now sanctioned 4 people who the U.S. says are the first operators of the Aeza Group:
- Arsenii Aleksandrovich Penzev (Penzev) is the CEO and 33% proprietor of Aeza Group.
- Yurii Meruzhanovich Bozoyan (Bozoyan) is the final director and 33% proprietor of Aeza Group.
- Vladimir Vyacheslavovich Gast (Gast) serves because the technical director for Aeza Group and collaborates carefully with Penzev and Bozoyan.
- Igor Anatolyevich Knyazev (Knyazev) is the 33% proprietor of Aeza Group and manages the corporate within the absence of Penzev and Bozoyan.
All 4 people and associated firms, Aeza Worldwide Ltd., Aeza Logistic LLC, and Cloud Options LLC, will now have their property frozen within the U.S., and U.S. firms are prohibited from doing enterprise with them or the Aeza Group.
Russian media beforehand reported that Bozoyan, Penzev, and different employees members have been arrested in April for “unlawful banking actions as a part of an organized prison group” and the internet hosting of the BlackSprut medication market.
The Treasury Division states that these sanctions construct upon the company’s earlier motion in February, which sanctioned the ZServers and Xhost bulletproof internet hosting suppliers utilized by the LockBit ransomware gang and different cybercriminals.
Whereas cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy strategies.
Drawing from Wiz’s detections throughout hundreds of organizations, this report reveals 8 key strategies utilized by cloud-fluent menace actors.
