U.S. Treasury Strikes Russian Cybercrime Group

The United States Treasury Department has intensified its crackdown on cybercrime by targeting the Russia-based Aeza Group. On July 1, 2025, the Office of Foreign Assets Control (OFAC) included Aeza Group and three of its subsidiaries on the sanctions list. This action is due to their involvement in providing “bulletproof hosting” services, which facilitate various illicit cyber activities, including ransomware and phishing attacks. OFAC has also sanctioned four key individuals associated with Aeza’s operations.

What Role Do BPH Services Play?

The Aeza Group is a significant player in the global cybercriminal ecosystem, providing critical infrastructure for ransomware attacks. These services, known as “bulletproof hosting,” are used to anonymize and protect the operations of cybercriminals worldwide. Bradley T. Smith, a Treasury official, highlighted the persistent danger posed by such providers and stressed the importance of taking decisive action against them.

Investigations into the Aeza Group have unveiled a TRON cryptocurrency address with transactions exceeding $350,000. This address is linked to the BlackSprut dark market, which has handled over $900 million in cryptocurrency transactions and is suspected of trafficking chemicals, including fentanyl.

How Are Funds Being Blocked?

The sanctioned individuals are central figures in Aeza Group, managing its daily activities. The Treasury Department is committed to tracking and stopping cryptocurrency transactions tied to the blacklisted addresses, underscoring its determination to deter similar hosting services.

Despite the sanctions, experts suggest that while these measures may reduce the options available to ransomware groups for hosting, the broad global market for BPH services presents ongoing challenges. Users of cryptocurrency platforms are urged to implement stringent security practices, such as strong authentication and careful adherence to guidelines.

• The OFAC sanctions list now includes Aeza Group, three subsidiaries, and four key individuals.

• This move aims to disrupt operations supporting ransomware and dark market activities.

• Aeza’s infrastructure is tied to the exchange of hundreds of thousands in cryptocurrencies linked to illegal trade.

By freezing assets and forbidding U.S. entities from engaging with Aeza and its affiliates, the Treasury Department hopes to dismantle this cybercriminal network. Such efforts are part of a broader strategy to cut off resources from those who support or engage in illicit online activities globally.