John K. Hurley, the Under Secretary of the Treasury for Terrorism and Financial Intelligence (TFI) | Official Website
The United States, Australia, and the United Kingdom have jointly imposed sanctions on Media Land, a Russia-based bulletproof hosting service provider accused of supporting ransomware operations and other cybercrimes. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), in coordination with law enforcement agencies including the Federal Bureau of Investigation, also sanctioned three members of Media Land’s leadership team and three affiliated companies.
Bulletproof hosting providers offer specialized servers designed to evade detection and hinder law enforcement efforts against malicious cyber activities. According to authorities, these services are essential for cybercriminals targeting businesses in the U.S. and allied countries.
“These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “Today’s trilateral action with Australia and the United Kingdom, in coordination with law enforcement partners, demonstrates our collective commitment to combatting cybercrime and protecting our citizens.”
Media Land LLC is based in St. Petersburg, Russia, and has provided infrastructure to criminal marketplaces as well as ransomware groups such as Lockbit, BlackSuit, and Play. Its systems have also been used in distributed denial-of-service attacks against U.S. companies and critical infrastructure.
OFAC has designated Media Land along with its subsidiaries ML Cloud, Media Land Technology (MLT), Data Center Kirishi (DC Kirishi), general director Aleksandr Volosovik (alias “Yalishanda”), employee Kirill Zatolokin—who handles payments—and Yulia Pankova for their roles in facilitating or supporting these activities.
The sanctions were enacted under Executive Order 13694 as amended by subsequent orders due to actions deemed likely to threaten U.S. national security or economic stability through disruption or compromise of computer networks.
Additionally, OFAC has targeted Hypercore Ltd., a UK company used by Aeza Group LLC after previous sanctions were imposed on Aeza earlier this year. The new measures also designate Maksim Vladimirovich Makarov (director of Aeza), Ilya Vladislavovich Zakirov (involved in setting up payment methods), Smart Digital Ideas DOO (Serbia), and Datavice MCHJ (Uzbekistan) for their roles in aiding Aeza Group’s efforts to evade sanctions.
Following these designations, all property belonging to those named that falls within U.S. jurisdiction is blocked. Entities owned 50 percent or more by sanctioned individuals are also subject to restrictions. U.S. persons are generally prohibited from engaging in transactions involving these entities unless authorized by OFAC.
Financial institutions or others who engage with sanctioned parties may face penalties or enforcement actions themselves if found violating OFAC regulations.
Authorities emphasized that while adding individuals or entities to sanction lists is an important tool, removal from such lists remains possible if circumstances change according to established legal processes.
For further information about mitigating risks associated with bulletproof hosting providers, guidance has been released by the Cybersecurity and Infrastructure Security Agency alongside international partners.
