The US and partners sanction Russian bulletproof hosting firms linked to ransomware and cybercrime

 


The United States, the UK and Australia have imposed sanctions on several Russian bulletproof hosting providers accused of supporting ransomware gangs and other cybercriminal operations.

Media Land, a well-known St. Petersburg–based hosting company, was placed on the sanctions list for allegedly supplying hackers with IP addresses, servers and domains used to distribute malware, build botnets and launch ransomware attacks. Officials said the company’s infrastructure also played a role in multiple distributed denial-of-service (DDoS) attacks targeting US critical infrastructure.

The sanctions also target Media Land’s sister companies, Data Center Kirishi and ML Cloud, which authorities say provide additional technical support to cybercriminal groups, including LockBit, BlackSuit and Play. Media Land’s general director Aleksandr Volosovik, financial manager Yulia Pankova and employee Kirill Zatolokin were individually sanctioned for facilitating payments and coordinating services for criminal clients.

Officials also sanctioned Hypercore, identified as a front company for the Aeza Group, another Russian bulletproof hosting service previously sanctioned in July.

Aeza Group has allegedly provided services to ransomware crews such as BianLian as well as operators of major infostealing malware including RedLine, Lumma and Meduza. The company has also been linked by researchers to the pro-Kremlin Doppelgänger disinformation campaign active across Europe.

Authorities said Aeza rebranded and built new infrastructure to evade restrictions. Aeza director Maksim Vladimirovich Makarov and employee Ilya Vladislavovich Zakirov were also designated, along with two additional front companies based in Serbia and Uzbekistan.

In addition, international cybersecurity agencies have released a security advisory with recommendations for internet service providers (ISPs) and network defenders on how to mitigate potential cybercriminal activity enabled by bulletproof hosting providers.

