US Treasury Sanctions $350k TRON Wallet Linked to BPH Service Provider Aeza Group




The US Treasury has sanctioned a TRON wallet address as part of a crackdown on the Russian-based Aeza Group, which US authorities say is enabling ransomware attacks. The Treasury’s Office of Foreign Assets Control (OFAC) stated that Aeza Group was using the TRON address to provide Bulletproof Hosting (BPH) services that allow hackers to easily host ransomware servers without being accountable for their actions.

According to US authorities, the BPH servers were purpose-built for criminal activities. The TRON wallet contained $350,000 in funds as of the time of this report. Aeza Group was also connected with information-stealing operations, which involve phishing attacks, often aimed at crypto holders and stealing their private keys. Most online attacks in 2025 were phishing attacks targeting crypto wallets. The US Treasury also sanctioned other entities and individuals connected with Aeza Group, including Russian and UK firms.

OFAC sanctioned the TRON wallet address TU4tD…CnJ4F, which is connected with Aeza Group and allegedly mediates payments for its hosting services. Cryptocurrency was used to conceal payments so that customers could use the servers for illicit activities, such as hosting ransomware attacks, and could avoid the detection that traditional payment methods would bring. Phishing attacks and ransomware still pose an ongoing threat to the crypto community. The TRON address was being used to receive payments from Aeza Group and then transfer funds to exchanges so that it could withdraw cash from the hosting services. US authorities also allege that the crypto address was connected with the Garantex exchange, which has been controversial recently. The TRON address was further associated with information-stealing malware vendors, which operated on the darknet and contributed to the crime wave affecting crypto traders worldwide. According to blockchain analysts, there may be more addresses out there that are being used to inject illicit funds into the economy.

The US Treasury released a statement announcing its efforts to target the Russian-based Aeza Group, which it alleged is responsible for facilitating cybercrime through its Bulletproof Hosting service business model. Criminal activities enabled by the group include ransomware attacks, technology theft, and information stealing, such as phishing attacks. The Bulletproof Hosting servers allowed hackers to operate their schemes with relative impunity. OFAC announced it was sanctioning four key individuals alongside businesses affiliated with the Aeza Group. OFAC believes that it is essential to shut down these criminal networks to revive the economic health of the US economy. The effort to target businesses associated with the group involved cross-border collaboration with UK authorities. Businesses related to the group include Aeza International Ltd, Aeza Logistics LLC, and Cloud Solutions LLC.

Arsenii Penzev, Aeza Group CEO, has been linked to illicit activities and is most likely one of the individuals designated as ‘key personnel’ by US authorities. Penzev will most likely have property and assets frozen in America, as part of the sanction process, which covers many areas of the US financial system. According to OFAC, US sanctions aim to dissuade individuals from engaging in illegal activities. The sanctions also disrupt criminal networks that build cross-border infrastructures that enable criminal activities. US authorities have taken a national security approach to sanctioning Aeza Group by pointing out that the illicit activities, including ransomware and Bulletproof Hosting servers, undermine the economic health of America and pose an immediate threat to the security of US businesses. In the announcement, OFAC also referred to this sanction as a proactive approach to preventing illicit activities from becoming more ingrained in the US financial system. 

St. Petersburg, the alleged location of Aeza Group, was where sophisticated infrastructure was created, including bulletproof hosting services to evade law enforcement and facilitate ransomware attacks. Hacking groups such as Meduza and Lumma used the service to carry out phishing attacks against US defence contractors. Hackers also used the Bulletproof systems to target US technology companies and deploy information-stealing malware programs. Hacking has been accelerating in recent years, especially with the onset of cryptocurrency, allowing criminal groups to steal digital assets with minimal risk. We could be entering a period similar to the era of bank robberies, only with decentralised banks as the target. There seems to be a surge in bank robberies every one hundred years, with bushrangers in the 1800s, gangsters in the 1900s, and now hackers in the 2000s. US authorities are aware of the growing threat of cybercrime. Even small phishing attacks add to the cybercrime economy, as the stolen information is sold on the black market, contributing to further attacks.


