US allies sanction Russian bulletproof hosting services for ransomware support The Record from Recorded Future News

pppLeadershipppCybercrimeppNationstatepp Influence Operations ppTechnologyppCyber DailyppClick Here Podcastpp Free Newsletterpp A popular Russian bulletproof hosting service provider named Media Land was sanctioned by the US Treasury and international partners on Wednesday for its alleged support of ransomware gangs and other cybercriminal operations  pp The St Petersburgbased company provides hackers with access to IP addresses servers and domains that are used to spread malware form botnet armies and carry out ransomware attacks  pp The US UK and Australia accused Media Land of providing services to online criminal marketplaces as well as ransomware groups like Lockbit BlackSuit and Play The companys services were also used in several distributed denialofservice DDOS attacks on US critical infrastructure entities the Treasury said  pp The three countries also sanctioned Data Center Kirishi and ML Cloud sister companies of Media Land that provide other technical infrastructure to ransomware gangs  pp The sanctions include Aleksandr Volosovik aka Yalishanda Media Lands general director his financial manager Yulia Pankova and Kirill Zatolokin who is allegedly responsible for collecting payment from customers and coordinating services with cybercriminals  pp These socalled bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries said John Hurley a Treasury Department undersecretary pp The companies market themselves as bulletproof because they do not respond to victim complaints or legal filings from those impacted by cyberattacks enabled by their services  pp The US and UK also sanctioned Hypercore a front company for another bulletproof hosting service called Aeza Group  pp The Treasury hit Aeza Group with its own sanctions in July but officials said Wednesday that the company rebranded and created new infrastructure removing connections to the previous operation  pp Hypercore is registered in the UK and is being used by Aeza Group to evade the sanctions they said Maksim Vladimirovich Makarov the new director of Aeza Group was also sanctioned alongside another company employee Ilya Vladislavovich Zakirov  pp Two other front companies based in Serbia and Uzbekistan named Smart Digital Ideas DOO and Datavice MCHJ were included in the tranche of sanctions  pp The St Petersburgbased Aeza Group has allegedly provided hosting services to ransomware gangs like BianLian and the operators behind infostealing malware like RedLine Lumma and Meduza  pp The Treasury Department previously accused Aeza Group of helping hackers target US defense companies and technology firms Cybersecurity researchers have also linked Aeza Group to the proKremlin disinformation campaign known as Doppelgänger which has been active in Europe since at least 2022  pp Alongside the sanctions the Cybersecurity and Infrastructure Security Agency CISA and other US  agencies released a guide on how organizations can deal with the risks presented by bulletproof hosting providers pp Developed by the Joint Ransomware Task Force the guide is designed to help internet service providers and network defenders combat the escalating threat of ransomware attacks pp Bulletproof hosting is one of the core enablers of modern cybercrime said acting CISA Director Madhu Gottumukkala By shining a light on these illicit infrastructures and giving defenders concrete actions we are making it harder for criminals to hide and easier for our partners to protect the systems Americans rely on every day pp Nick Andersen executive assistant director for the cybersecurity division at CISA added that bulletproof hosting platforms are increasingly common accomplices used to help cybercriminals remain undetectable and difficult to trace pp The goal of the guide CISA explained is to reduce the effectiveness of bulletproof hosting infrastructure and force cybercriminals to use legitimate infrastructure providers that will respond to victim complaints and law enforcement takedown requests  pp Law enforcement agencies have targeted a handful of Russian bulletproof hosting providers in the last year including Zservers Lolek Hosted and others Several people have been sentenced to years in prison for their roles running the services  ppJonathan Greigppis a Breaking News Reporter at Recorded Future News Jonathan has worked across the globe as a journalist since 2014 Before moving back to New York City he worked for news outlets in South Africa Jordan and Cambodia He previously covered cybersecurity at ZDNet and TechRepublicppPrivacyppAboutppContact Uspp Copyright 2025 The Record from Recorded Future Newsp