11 April 2025
Qurium has previously reported that the Russian disinformation campaign Doppelganger operates its infrastructure from European data centers, not from Russian soil. Data centers in Germany hosted a large part of the malicious content.
Qurium also revealed that the ecosystem of Doppelganger had its hub in Aeza (International), a Russian provider with a European presence. Aeza was a fast-growing business with strong ties to at least a dozen bulletproof hosting providers in Russia known to shelter cyber crime.
As a result of the investigations by Qurium and the German investigative media outlet CORRECTIV, several upstream providers have chosen to cut off their connections to the exposed actors.
Furthermore, Qurium’s investigation proved that disinformation was not an isolated activity in the hosting infrastructure, but just one more type of activity among many other cyber crimes, such as data exfiltration, phishing, online scams using affiliate marketing, and darknet activities.
Last week several members of the Aeza Group, including two of its founders, Yuri Bozoyan and Arseny Penzev, were arrested for providing technical infrastructure to the notorious Russian darknet marketplace BlackSprut. BlackSprut primarily focuses on the sale of illegal drugs and, according to TRM Labs, held approximately 28% of the global darknet market share in late 2022. BlackSprut has become known for its support for the Russian government’s actions, including the invasion of Ukraine.
The arrest sheds light on what kind of services Aeza provides and supports Qurium’s claims that Aeza is not just a bulletproof hosting provider, but a cyber crime actor in a wider sense.
Qurium report: Disinformation, Malware and Drugs: Aeza’s cyber crime portfolio
CORRECTIV report: Verhaftungen bei russischer Firma Aeza: IT für Kreml-Propaganda und Verdacht auf Drogenhandel
Contacts
Digital forensics: Tord Lundström <t at virtualroad.org> Technical Director
Media: Clara Zid <info at virtualroad.org> Media and Outreach Manager