The US has imposed sanctions on a large cyber group from Russia—Aeza Group and its associated global network. This was reported by the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury.
On Tuesday, July 1, OFAC added Aeza Group to its sanctions list for its role in “supporting cybercriminal activities targeting victims in the United States and around the world.” OFAC also added two affiliated companies and four individuals who are executives of Aeza Group to the list.
In coordination with the UK’s National Crime Agency (NCA), OFAC added a front company for Aeza Group in the UK to the list.
It is noted that bulletproof hosting (BPH) providers sell access to specialized servers and other computer infrastructure designed to help cybercriminals, such as extortionists, identity thieves, and drug traffickers, avoid detection and resist law enforcement efforts to stop their malicious activities.
The Aeza Group of companies is headquartered in St. Petersburg, Russia.
OFAC stated that the Aeza Group provided BPH services to ransomware and malware groups, such as the operators of the Meduza and Lumma infostealers, who used the hosting to attack the US defense industrial base and technology companies, as well as other victims around the world.
Infostealers frequently gather personal identification information, passwords, and other confidential credentials from compromised victims. Their operators play a crucial role in the cybercrime ecosystem, often selling this data on darknet markets for profit.
It is also noted that the Aeza Group deployed BianLian ransomware, RedLine information-stealing panels, and BlackSprut, a Russian darknet market for illegal drugs.
Darknet drug markets allow drugs to be purchased and shipped anonymously over the internet, making them a modern and increasingly significant factor in the illegal drug trade in the US and around the world.
OFAC emphasized that all property and interests in property of blocked individuals that are located in the United States or are in the possession or control of U.S. individuals are blocked.
“In addition, any business entities that are owned, directly or indirectly, individually or collectively, by 50 percent or more by one or more blocked persons are also blocked,” the statement added.
Recently, an online service used by municipalities and provinces in the Netherlands to publish official documents was attacked by a pro-Russian hacker group.
Responsibility for the attack was claimed by the pro-Russian hacker group NoName057(16), which has already carried out similar attacks on websites of countries supporting Ukraine.








