US sanctions crypto wallet tied to ransomware, infostealer host
2025-07-03 11:14:27

 

The US Treasury has sanctioned the Russia-based Aeza Group, along with its top brass and a crypto wallet connected to the service, for allegedly hosting ransomware and info-stealers. 

Aeza Group, a bulletproof hosting (BPH) services provider, allegedly sells access to specialized servers and other computer infrastructure to help cyber criminals conduct ransomware campaigns and steal sensitive info, the Treasury’s Office of Foreign Assets Control (OFAC) said on Tuesday.

OFAC’s sanctions also cover an address holding $350,000 in crypto, multiple Russian and UK-based companies, and four Russian nationals who allegedly partly own Aeza or serve as its executives.

Crypto users are frequently targeted with ransomware and info-stealers, with blockchain security firm CertiK attributing the bulk of the $2.1 billion in crypto stolen so far in 2025 to phishing attacks that steal sensitive information such as crypto wallet keys.

OFAC sanctioned a Tron blockchain address that was an administrative wallet, handling cash-outs from Aeza’s payment processor, forwarding funds to various crypto exchanges and occasionally receiving direct payments for Aeza’s services, blockchain analytics firm Chainalysis said on Tuesday.

“On-chain analysis and additional research indicate that Aeza relied on a payment processor to receive payments for hosting services, thereby obscuring the traceability of customer deposits,” the firm added.

The sanctioned Tron crypto address was an administrative wallet that handled payments for Aeza, says Chainalysis. Source: Chainalysis

Blockchain intelligence firm TRM Labs said on Tuesday that the crypto address also had regular cash-out points to payment services providers and is connected through intermediary addresses to other cybercrime services and the sanctioned Russian crypto exchange Garantex. 

OFAC alleged that Aeza Group, based in St. Petersburg, provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace. 
