OFAC Targets Aeza Group for Enabling Cybercrime with Bulletproof Hosting

Tony Kim
Jul 02, 2025 11:38

The U.S. Treasury’s OFAC has sanctioned Aeza Group for providing hosting services that facilitate ransomware and cybercrime, marking a significant move against global cybercrime infrastructure.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has taken decisive action against Aeza Group LLC, a Russia-based bulletproof hosting provider, for allegedly facilitating cybercriminal activities. The sanctions, announced on July 1, 2025, target the group’s infrastructure that supports ransomware attacks and other cyber threats, according to Chainalysis.

Sanctions Target Cybercrime Infrastructure

OFAC’s sanctions extend beyond the core Russian entity to include Aeza Group’s international network, including Aeza International Ltd. in the United Kingdom and other affiliated entities. This broad scope underscores the global nature of modern cybercrime infrastructure. The designations leverage both CAATSA (Russia-related) and cyber-related sanctions authorities, reflecting ongoing concerns about Russia-linked cyber threats.

Cryptocurrency and Payment Mechanisms

A key aspect of the sanctions involves a TRON cryptocurrency address associated with Aeza Group. On-chain analysis revealed that this address functions as an administrative wallet, managing cash-outs from a payment processor and forwarding funds to various exchanges. This setup obscures the traceability of customer deposits, complicating efforts to track illicit activities. The wallet has reportedly received over $350,000 in cryptocurrency, with connections to darknet vendors and gaming platform transactions.

Impact on Cybercrime Operations

This move by OFAC is part of a broader strategy to dismantle the infrastructure that enables cybercrime, rather than focusing solely on individual actors. By targeting bulletproof hosting providers, the U.S. government aims to disrupt the supply chain that facilitates large-scale cybercrime operations. This approach follows the February 2025 designation of ZServers, another entity implicated in ransomware activities.

Continuing Monitoring and Implications

Chainalysis has labeled the TRON address in its product suite and will continue to monitor for additional addresses and entities connected to Aeza’s operations. The sanctions serve as a warning to other potential service providers involved in cybercrime, emphasizing the global effort to combat such threats.

The action against Aeza Group highlights the ongoing challenges in addressing cybercrime at an international level, as cybercriminals exploit global networks and technologies to evade law enforcement efforts. By sanctioning critical infrastructure, authorities hope to curb the resources available to these bad actors.

Image source: Shutterstock