BPH service providers sell access to specialized servers and other computer infrastructure designed to help cybercriminals like ransomware actors, personal information stealers, and drug vendors evade detection and resist law enforcement attempts to disrupt their malicious activities.
According to the Treasury’s statement, Aeza provided backend infrastructure to groups including Meduza and Lumma, both known for targeting US defense and technology networks.
The sanctions extend beyond the crypto wallet itself. OFAC added four individuals identified as key Aeza members to its Specially Designated Nationals (SDN) list, along with four affiliated entities.
Chainalysis said in a statement:
By sanctioning bulletproof hosting providers, the US government is attacking the supply chain that makes large-scale cybercrime possible, rather than just pursuing individual threat actors after attacks have occurred.
In addition to its involvement with ransomware infrastructure, Aeza was also reported to have hosted BlackSprut, a Russian darknet marketplace tied to the trafficking of illegal drugs including fentanyl.
Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley Smith emphasized the urgency of addressing these channels:
Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs.
Treasury, in close coordination with the UK and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.