Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations.
BPH providers that lease servers to cybercriminals to help them hinder disruption efforts targeting their malicious activities, including phishing attacks, malware delivery, command and control operations, and illicit content hosting. They market themselves as "bulletproof" because they ignore victim complaints and law enforcement takedown requests.
The Department of the Treasury's Office of Foreign Assets Control (OFAC) designated Media Land, which has provided services to various cybercrime marketplaces and multiple ransomware groups, including LockBit, BlackSuit, and Play, as well as three sister companies (Media Land Technology, Data Center Kirishi, and ML Cloud).
Media Land's infrastructure was also used in distributed denial-of-service (DDoS) attacks against U.S. companies and critical infrastructure, including telecommunications systems, according to U.S. officials.
Today's sanctions also target three Media Land executives: Aleksandr Volosovik (who has advertised the business on cybercriminal forums under the alias "Yalishanda"), Kirill Zatolokin (who collects customer payments), and Yulia Pankova (who assisted with legal issues and finances).
According to the U.K.'s Foreign Commonwealth and Development Office, Volosovik has also worked with multiple notorious cybercrime groups, including Evil Corp, Black Basta, and LockBit.
OFAC also designated Aeza Group LLC, another BPH service provider previously sanctioned in July, and UK-based Hypercore Ltd, which Aeza used as a front company after being sanctioned, along with Serbian and Uzbek companies that provided technical support.
"These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries," said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley.
"Cyber criminals think that they can act in the shadows, targeting hard working British people and ruining livelihoods with impunity. But they are mistaken – together with our allies, we are exposing their dark networks and going after those responsible," U.K. Foreign Secretary Yvette Cooper added.
Today, Five Eyes cybersecurity agencies also released joint guidance to help internet service providers and network defenders mitigate cybercriminal activity using infrastructure provided by bulletproof hosting providers.
... continue reading