The service assisted in spreading malware to extort and steal confidential data

How Russian hosting provided services to cybercriminals: on-chain analysis

02.07.2025

605

2 min

In May 2025, the US Office of Foreign Assets Control (OFAC) imposed sanctions against Russian hosting company Aeza Group LLC. GetBlock AML Research explains why the company came to the attention of the US authorities.

In plain sight

The restrictive measures against Aeza Group LLC were imposed on two important criteria at once: to increase sanctions pressure on Russian Internet infrastructure and to strike a blow against services that provide services to cybercriminals.

Server rental on Aeza’s website

According to OFAC, Aeza Group LLC is linked to developers of malware used to extort and steal sensitive data.

On-chain data

Aeza Group LLC used a wallet on the TRON network (TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F) for operational activities. For additional anonymization of customers, the hosting used various payment services that acted as an intermediary for making payments. The funds received were sent to centralized exchanges.

Aeza Group LLC wallet links

In addition to links to cybercriminals, the Aeza Group LLC wallet also interacted with Garantex (Grinex) and other sanctions platforms.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy