CyberSecurity SEE

Feds Target Popular Russian Bulletproof Hosting Services

Feds Target Popular Russian Bulletproof Hosting Services

Cybercrime,
Fraud Management & Cybercrime,
Ransomware

Three Russians Indicted for Operating Services Tied to $62 Million in Ransomware and Other Losses

Feds Target Popular Russian Bulletproof Hosting Services
Image: U.S. Department of State/ISMG

In a significant development within the realm of cybercrime, three Russian nationals have been formally charged for operating an online infrastructure known as “bulletproof hosting,” which played a critical role in facilitating cyberattacks on American critical national infrastructure. This indictment underscores the ongoing battle against cybercrime and the efforts of the U.S. government to hold malicious actors accountable.

The indictment, issued by a federal grand jury, identifies Alexander Alexandrovich Volosovik, 43, Kirill Andreevich Zatolokin, 34, and Yulia Vladimirovna Pankova, 29, as conspirators engaged in various illicit activities, including computer fraud, wire fraud, and money laundering. Unveiled on December 5, 2024, the indictment accuses these individuals of leveraging their companies—Media Land, owned by Volosovik, and ML.Cloud, owned by Pankova—to facilitate the theft and extortion of a staggering $62 million from victims located across 21 states and numerous international territories.

This investigation, which spanned over seven years, was spearheaded by the FBI with assistance from various global law enforcement agencies including the Cybersecurity and Infrastructure Security Agency, the Office of Foreign Assets Control, as well as their counterparts in Australia, Britain, and the Netherlands. The U.S. Department of Justice emphasized that this indictment is part of a broader initiative named Operation Riptide, which aims to dismantle the networks and infrastructure that support cybercrime.

Brett Leatherman, assistant director of the FBI Cyber Division, remarked on the significance of the indictment, stating, “This is another step in our broader campaign to shrink the space in which these actors can operate, forcing them to work harder, take greater risks, and lose the anonymity they depend on.” His comments reflect the proactive approach law enforcement agencies are taking to counteract cybercriminal activities that threaten not only national security but also the safety and privacy of citizens.

In November 2025, a coalition of governments from Australia, Britain, and the United States simultaneously issued sanctions against the three accused and their companies. The cooperative effort aimed to disrupt the operations of bulletproof hosting services, which are integral to the functioning of cybercrime networks. An Australian Federal Police statement emphasized that the removal of these services is a vital step in combating cybercriminal exploitation of individuals and institutions online.

The accused individuals are primarily based in St. Petersburg, Russia, but have also provided illicit services through infrastructure located in countries such as China, Finland, and the Netherlands. The indictment shed light on the various illegal activities conducted by Media Land and ML.Cloud, including bulletproof hosting, fraudulent domain registration, and aiding numerous cybercrimes such as phishing campaigns, ransomware attacks, and the distribution of banking Trojans.

According to court documents, the evidence indicates that numerous organizations, ranging from banks to educational institutions and hospitals in both the U.S. and abroad, fell victim to the criminal services offered by these accused individuals. During a notable incident in August 2016, Volosovik and Zatolokin, using the alias “podzemniy,” advertised their bulletproof hosting services on a cybercrime forum, promising to preserve nearly all types of projects except for any involving child pornography.

The indictment revealed that over 17 prominent ransomware groups—including BlackSuit, Cl0p, LockBit, and Play—utilized Media Land’s bulletproof hosting services to effectively carry out their attacks. From infecting victims with cryptocurrency-locking malware to laundering ransom payments in digital currencies, the criminal infrastructure enabled a myriad of damaging activities that resonated across various sectors.

Despite ongoing abuse notifications regarding the deployment of phishing and ransomware campaigns facilitated through their services, the defendants allegedly continued their operations unchecked. Additionally, the companies hosted numerous “carder” sites dedicated to selling stolen credit card data, with listings from the year 2023 including well-known platforms such as Briansclub and Fullzinfo.

The prosecutors indicated that Media Land and ML.Cloud have been operational since 2014 and have played a pivotal role in perpetuating cybercrime on a global scale. Concurrent with the unsealing of the indictment, the U.S. Department of State announced a reward of up to $10 million for information leading to actionable intelligence about the defendants or their associates involved in malicious cyber activities.

On July 13, 2026, the European Council also initiated sanctions against several Russian individuals and entities implicated in supporting illegal cyber ecosystem activities, specifically targeting Media Land and its owner Volosovik.

The sanctions implement a strategic initiative aimed at constraining the operational capabilities of cybercriminals, significantly disrupting their business models. Dutch authorities confirmed that the actions taken against these entities are designed to mitigate the risks posed to EU member states and ensure the integrity of essential services.

Source link

Exit mobile version