Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

U.S. Treasury Sanctioned Bulletproof Hosting Provider Used by Ransomware Operator Groups

The company’s bulletproof hosting infrastructure supported notorious ransomware groups, including BianLian operators and hosted command-and-control (C2) panels for the Meduza and Lumma infostealers, which specifically targeted the U.S. defense industrial base and technology companies. Additionally, Aeza Group hosted BlackSprut, a Russian darknet marketplace facilitating illicit drug trafficking, including fentanyl precursor chemicals and manufacturing equipment. The action, announced July 1, 2025, targets the critical infrastructure supporting ransomware operations, infostealers, and darknet drug marketplaces that threaten U.S. national security and economic stability. U.S. sanctions Russian Aeza Group for providing bulletproof hosting to ransomware operators and darknet drug markets. Hosted major cyber threats including BianLian ransomware, Meduza/Lumma infostealers, and BlackSprut drug marketplace. Both Penzev and Bozoyan were previously arrested by Russian law enforcement for their involvement in hosting the BlackSprut marketplace on Aeza Group infrastructure. Aeza International served as a front company to lease IP addresses to cybercriminals, including Meduza infostealer operators, demonstrating the international scope of the operation.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Jul 2025 10:10:16 +0000

Cyber News related to U.S. Treasury Sanctioned Bulletproof Hosting Provider Used by Ransomware Operator Groups

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
6 months ago Cybersecuritynews.com

Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work | The Record from Recorded Future News - Aeza Group is a bulletproof hosting (BPH) services provider, the department said, that allows cybercriminals to avoid law enforcement while renting IP addresses, servers and domains used for disseminating malware, supporting darknet markets and ...
2 months ago Therecord.media LockBit

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
5 months ago Cybersecuritynews.com

Feds Sanction Russian Hosting Provider Over LockBit Attacks - "It is important to acknowledge that although sanctions might impede ransomware operations by targeting their infrastructure, ransomware groups such as LockBit are highly adaptive and well-connected, and will likely have other providers ...
6 months ago Darkreading.com LockBit

Aeza Group sanctioned for hosting ransomware, infostealer servers - The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian ...
2 months ago Bleepingcomputer.com LockBit BianLian

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell - In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. The Spamdot admins went by the ...
1 year ago Krebsonsecurity.com

Cyberattack on Russian independent media had links to US-sanctioned institute, researchers find | The Record from Recorded Future News - In a report last week, U.S. cybersecurity firm Trustwave revealed that the threat actor known as Blind Eagle used the Russian bulletproof hosting service Proton66 to host various types of malicious content, including phishing pages. The hosting ...
2 months ago Therecord.media LockBit

BulletProof Hosting Provider Qwins Ltd Fueling Global Malware Campaigns - This systematic approach to network utilization demonstrates the sophisticated nature of modern bulletproof hosting operations and their critical role in enabling large-scale cybercriminal campaigns across multiple malware families and attack ...
1 month ago Cybersecuritynews.com

U.S. Treasury Sanctioned Bulletproof Hosting Provider Used by Ransomware Operator Groups - The company’s bulletproof hosting infrastructure supported notorious ransomware groups, including BianLian operators and hosted command-and-control (C2) panels for the Meduza and Lumma infostealers, which specifically targeted the U.S. defense ...
2 months ago Cybersecuritynews.com BianLian

US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers - The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department's Office of Foreign Assets Control announced new sanctions ...
1 year ago Therecord.media Lazarus Group

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta

6 Ransomware Trends & Evolutions For 2023 - More than any other industry, cybersecurity is constantly changing. The number of major paradigm shifts that have transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. ...
2 years ago Trendmicro.com TeamTNT

1 1

Bulletproof Hosting Provider Aeza Group Shifting Their Infrastructure to New Autonomous System - Following U.S. Treasury sanctions imposed on July 1, 2025, the notorious bulletproof hosting provider Aeza Group has rapidly migrated its infrastructure to a new autonomous system in an apparent attempt to evade enforcement measures. The U.S. ...
1 month ago Cybersecuritynews.com

Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure - Russian-aligned hacking groups UAC-0050 and UAC-0006 have been observed switching their network infrastructure through bulletproof hosting providers, enabling persistent campaigns against Ukrainian entities and their international allies. The complex ...
5 months ago Cybersecuritynews.com

US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches - It has been announced that six Iranian officials have been sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control, the Iranian government organization responsible for the series of malicious cyber activities directed against ...
1 year ago Cysecurity.news

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster - Earlier this week, the authorities in the United States, Australia, and the United Kingdom, announced sanctions against the same bulletproof hosting provider for its involvement in cybercrime operations. The servers were located in the Paul van ...
6 months ago Bleepingcomputer.com LockBit

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit

Ransomware in 2024: Anticipated impact, targets, and landscape shift - As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. Here is what we can expect the ransomware landscape to look like in 2024. In 2024, we'll see more ...
1 year ago Helpnetsecurity.com LockBit

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa

Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com

The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta

Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com

US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
1 year ago Bleepingcomputer.com Lazarus Group

Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com

Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
1 year ago Techrepublic.com LockBit