United States authorities have sanctioned a crypto wallet linked to the Russia-based AEZA Group, accused of engaging in ransomware activities and darknet markets.
According to the Treasury's Office of Foreign Assets Control (OFAC), the designation focuses on the entire cyber infrastructure of AEZA Group, including affiliated entities and four people in leadership roles.
Allegedly, the group offered bulletproof hosting services that allowed ransomware operators, malware distributors and darknet suppliers to work with impunity by avoiding detection and law enforcement.
The sanctions extend to AEZA International Ltd., a front company located in the United Kingdom and used to lease IP addresses to cybercriminals, as well as two subsidiaries based in Russia, Aeza Logistic LLC and Cloud Solutions LLC.
OFAC has also designated four senior executives, including CEO Arsenii Penzev and general director Yurii Bosoyan, who were both arrested by Russian law enforcement for their involvement in the darknet drug marketplace Blacksprut.
Allegedly, AEZA's infrastructure supported groups such as the Meduza and Lumma infostealer operators, BianLian ransomware, RedLine infostealer panels and the Blacksprut marketplace. With these services, threat actors could steal sensitive data and siphon funds from victims worldwide, including crypto users.
The designated crypto address, hosted on the Tron blockchain, was identified as an administrative wallet used to receive payments for AEZA's services. According to Chainalysis, the wallet received more than $350,000 in crypto, with payments made via an external processor to hide the financial trail and make tracing difficult.
Researchers reportedly found that the wallet received direct payments from customers, including infostealer suppliers, and moved illegal funds to various cryptocurrency exchanges.
A separate report from blockchain intelligence company TRM Labs confirmed these findings and noted that the designated address “showed regular cash-out points to global cryptocurrency outlets” and payment service providers.
Analysts noted that the payment patterns were consistent with the known prices for AEZA's hosting services, which suggests that infostealer suppliers and other threat actors were probably among the group's clients.
TRM also identified connections between the wallet and other cyber crime platforms via intermediary addresses, including connections with the sanctioned Russian crypto exchange Garantex.
TRM said that websites linked to AEZA and its affiliated companies had gone offline shortly after the designation was announced.
“Today’s designation underlines a continuous trend of growing focus by authorities on disrupting not only individual threat actors, but also the infrastructure that makes their activities possible,” TRM said.
“The role of AEZA Group in facilitating global cyber crime illustrates how infrastructure providers can serve as critical enablers – and potential pressure points – for both law enforcement and regulators.”
Earlier this year, OFAC led a coordinated effort with the United Kingdom and Australia to sanction another bulletproof hosting provider, Zservers, based in Russia, for offering infrastructure to the LockBit ransomware gang.
OFAC Targets Crypto Wallets
In addition to infrastructure, OFAC is also working to dismantle crypto-based cybercrime. In April, the agency sanctioned eight crypto addresses that were used by the Houthi movement of Yemen to finance weapons purchases and terrorist activities. On-chain data showed more than $45 million moved through Garantex in connection with these operations.
Similarly, in March, OFAC blacklisted 49 crypto wallets tied to Nemesis, a darknet marketplace operated by Iranian national Behrouz Parsarad. The site was involved in the trafficking of fentanyl and other synthetic drugs and processed nearly $30 million in sales using Bitcoin and Monero before its seizure in 2024.