
OFAC Sanctions Aeza Group for Hosting Global Bulletproof Service which Enabled Cybercriminals and Technology Theft, Includes Crypto Address in Designation

TL;DR

  • OFAC sanctioned Aeza Group LLC and its network of entities for providing bulletproof hosting services that enable cybercriminals to conduct ransomware attacks and other malicious cyber activities.
  • The designation includes one TRON cryptocurrency address (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F) linked to Aeza Group’s payment infrastructure for their illicit hosting services.
  • This action targets the critical infrastructure that cybercriminals rely on to host malicious content, demonstrating OFAC’s continued focus on disrupting the service providers that enable large-scale cyber threats.

 

On July 1, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Aeza Group LLC, a Russia-based bulletproof hosting provider, along with its leadership and affiliated entities, for enabling cybercriminals to conduct ransomware attacks, data theft, and other malicious cyber activities. The designations include both CAATSA (Russia-related) and cyber-related sanctions authorities, highlighting the continued intersection of Russia-nexus threats and global cybercrime infrastructure.

OFAC’s action targets not just the core Russian entity but the entire international network, including Aeza International Ltd. in the United Kingdom and multiple related companies, demonstrating the global scope of modern cybercrime infrastructure. Today’s action represents yet another disruption by OFAC against the infrastructure facilitating cybercrime, following the designation of ZServers in February 2025.

Aeza Group’s on-chain activity

OFAC’s designation includes one TRON cryptocurrency address associated with Aeza Group: TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F.

On-chain analysis and additional research indicate that Aeza Group relied on a payment processor to receive payments for hosting services, which makes customer deposits harder to trace. The designated address appears to function as an administrative wallet, handling cash-outs from the payment processor, forwarding funds to various exchanges, and occasionally receiving direct payments for Aeza’s services.

Moscow-based dedicated servers advertised on Aeza’s website. Note: This screenshot has been machine-translated from Russian into English.

The wallet included in Aeza’s designation received more than $350,000 in crypto and cashed out to deposit addresses at a variety of exchanges. As seen in the Chainalysis Reactor graph below, the deposit addresses Aeza has sent to have also received funds from an escrow service used for selling items on a popular gaming platform, from Garantex, and from a darknet vendor selling an infostealer, a form of malicious software used to breach computer systems and steal sensitive user information. Regular payments from the infostealer vendor wallet to Aeza’s deposit address at an exchange align with pricing for some of Aeza’s services, indicating that this vendor was likely an Aeza customer.

Strategic implications for cybercrime infrastructure

Today’s OFAC action represents yet another significant step in targeting the infrastructure that enables cybercrime operations. By sanctioning bulletproof hosting providers, the U.S. government is attacking the supply chain that makes large-scale cybercrime possible, rather than just pursuing individual threat actors after attacks have occurred.

We have labeled the above TRON address in our product suite, and will continue monitoring for additional addresses and entities connected to Aeza and others’ bulletproof hosting operations.
