Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work | The Record from Recorded Future News

Aeza Group is a bulletproof hosting (BPH) services provider, the department said, that allows cybercriminals to avoid law enforcement while renting IP addresses, servers and domains used for disseminating malware, supporting darknet markets and carrying out other tasks related to fraud and cyberattacks.

Russian national Aleksandr Grichishkin was handed a five-year sentence in 2021 for founding and operating a bulletproof hosting company while Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, were both sentenced to more than two years in prison for running a bulletproof hosting organization that helped launch attacks against U.S. targets between 2009 and 2015.

“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Bradley Smith, acting undersecretary of the Treasury for terrorism and financial intelligence.

In February, the Treasury Department partnered with officials in Australia and the U.K. to sanction another Russian bulletproof hosting service called Zservers as well as the Russian nationals behind the company. A man suspected of owning a bulletproof hosting company was arrested in Spain last October amid a wider operation targeting one of the main members of the Evil Corp cybercrime group and a LockBit affiliate.

Multiple Aeza Group leaders were arrested in April by Russian authorities on suspicion of leading a criminal organization and involvement in large-scale drug trafficking. In addition to targeting Aeza Group, Treasury officials said they are sanctioning two affiliated companies and four individuals who are company leaders. The Treasury Department accused Aeza Group of helping hackers target U.S. defense companies and technology firms. A Russia-based company providing technical tools to ransomware gangs and digital drug dealers was sanctioned by the U.S. Treasury Department on Tuesday.

Penzev has allegedly been involved in multiple bulletproof hosting and illicit drug marketplace businesses. Cybersecurity researchers have previously linked Aeza Group to the pro-Kremlin disinformation campaign known as Doppelgänger, which has been active in Europe since at least 2022.

This Cyber News was published on therecord.media. Publication date: Tue, 01 Jul 2025 17:50:05 +0000

