US imposes sanctions on Russian cyber group

Ulyana Krychkovska, Anastasia Protz
Wednesday, 2 July 2025, 10:46

The United States has imposed sanctions on a major Russian cyber group – the Aeza Group and its associated global network.

Source: US Department of the Treasury’s Office of Foreign Assets Control (OFAC), as reported by European Pravda

Details: On 1 July, OFAC added Aeza Group to its sanctions list for "supporting cybercriminal activity targeting victims in the United States and around the world". Two related companies and four individuals who serve as Aeza Group executives were also sanctioned.

In coordination with the UK’s National Crime Agency (NCA), OFAC additionally designated a shell company of Aeza Group registered in the United Kingdom.

The group operates as a Bulletproof Hosting (BPH) provider – a type of service that offers specialised servers and infrastructure designed to help cybercriminals such as ransomware operators, identity thieves and drug traffickers evade detection and resist law enforcement efforts.

The Aeza Group is headquartered in Saint Petersburg, Russia.

OFAC stated that the Aeza Group provided BPH services to ransomware and malware operations, including the infostealer operators Meduza and Lumma, which used Aeza’s infrastructure to launch attacks on the US defence industrial base, tech firms and global targets. 

Infostealers are often used to collect personal identification data, passwords, and other confidential credentials from compromised victims. These data are typically sold on dark web marketplaces for profit, making infostealer operators a key element of the cybercrime ecosystem.

Aeza Group also hosted ransomware such as BianLian, infostealer panels including RedLine, and BlackSprut – a Russian darknet market for illicit drugs.

These darknet markets enable the anonymous purchase and delivery of drugs online, playing an increasingly prominent role in the illegal drug trade in the US and globally.

OFAC emphasised that all property and interests of designated persons within the United States or under US ownership or control are being blocked.

Quote: "In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked." 

Background: Recently, a Dutch online platform used by municipalities and provinces to publish official documents was attacked by the pro-Russian hacker group NoName057(16), which has previously carried out similar attacks against countries supporting Ukraine.

