The United States, Australia, and the United Kingdom imposed coordinated sanctions on November 19, 2025, targeting Media Land LLC, a Russia-based bulletproof hosting (BPH) provider in St.
Petersburg that supports ransomware groups like LockBit, BlackSuit, and Play, along with distributed denial-of-service (DDoS) attacks on U.S. companies and critical infrastructure.
The U.S. Treasury’s Office of Foreign Assets Control (OFAC), working with Australia’s Department of Foreign Affairs and Trade and the UK’s Foreign, Commonwealth and Development Office, designated Media Land, its subsidiaries, and key leaders under Executive Order 13694, as amended, for enabling cyber activities that threaten national security by disrupting computer availability and compromising data integrity.
Bulletproof hosting involves specialized servers that ignore law enforcement takedown requests, allowing cybercriminals to host malicious command-and-control (C2) servers, phishing sites, and ransomware payloads with minimal disruption.
Under Secretary John K. Hurley emphasized that BPH providers like Media Land supply essential infrastructure for attacks on U.S. and allied businesses, marking this as a collective effort to dismantle cybercrime enablers.
OFAC also targeted Media Land’s leadership: General Director Aleksandr Volosovik (alias “Yalishanda”), who advertised services on cybercrime forums and provided servers with troubleshooting for ransomware actors; Kirill Zatolokin, who handled payments and operations; and Yulia Pankova, who managed finances and legal issues for Volosovik.
Subsidiaries ML Cloud (used alongside Media Land for attacks), Media Land Technology (MLT), and Data Center Kirishi (DC Kirishi) were hit for being wholly owned or controlled by the group, which blocked their U.S. assets and prohibited transactions by U.S. persons.
The action further pressures Aeza Group LLC, sanctioned by OFAC in July 2025 for similar BPH services, by designating UK front company Hypercore Ltd., which Aeza used to relocate IP infrastructure after its designation, along with new director Maksim Vladimirovich Makarov and associate Ilya Vladislavovich Zakirov.
Serbian firm Smart Digital Ideas DOO and Uzbek Datavice MCHJ were sanctioned for aiding Aeza’s sanctions evasion by establishing new companies and using new payment methods to obscure ongoing operations.
These designations block all U.S.-linked property and expose financial institutions to penalties for dealing with them, aiming to sever crypto payment flows such as Aeza’s prior TRON address, TU4tDFRvcKhAZ1jdihojmBWZqvJhQCnJ4F, used for cashouts exceeding $350,000 and disrupt global ransomware supply chains.
Media Land’s infrastructure dates back to at least 2015, linking to groups such as Evil Corp, Black Basta, Snatch Team, GandCrab, and Smokeloader, underscoring its longevity in evading takedowns.
The Cybersecurity and Infrastructure Security Agency (CISA) issued parallel guidance on mitigating BPH risks, urging organizations to monitor for resilient hosting indicators and enhance defenses against associated threats.
This trilateral move signals intensified international resolve to target not just attackers but their foundational infrastructure, potentially reducing ransomware deployment success rates by limiting reliable hosting options.
PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version…
Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol…
Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of…
Google has launched its most significant Chrome update ever, embedding Gemini AI across the browser…
Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by…
Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for…