The governments of the United States, United Kingdom, and Australia have jointly imposed sanctions on a Russian “bulletproof” hosting provider and several associated companies, accusing them of supporting ransomware operations that targeted U.S. organizations and vital infrastructure.
In a statement issued Wednesday, the U.S. Treasury confirmed coordinated sanctions against the Russia-based hosting firm Media Land and three affiliated entities.
The actions also include penalties against several executives, including the company’s general director — known publicly as Yalishanda — who is alleged to have supplied servers and technical support to cybercriminals.
How Media Land Became a Tool for Cybercriminals
Officials say various hacking groups leaned on Media Land’s infrastructure to launch distributed denial-of-service attacks. Prominent ransomware groups like LockBit, BlackSuit, and Play allegedly used the company’s systems to maintain parts of their operations.
According to the Treasury, certain employees at Media Land worked directly with cybercriminal actors.
“Bulletproof” hosting operations typically promote themselves as resistant to government takedowns, legal demands, or other enforcement efforts.
This perceived protection makes them appealing to criminals who need dependable servers for malicious activity, including extortion sites and command-and-control systems.
U.S. authorities emphasized that companies like Media Land supply key digital resources that aid cybercriminals in “attacking businesses in the United States and in allied countries,” though the Treasury did not identify specific victims in this case.
Expanded U.K. Actions and Links to Disinformation Networks
The U.K.’s Foreign Office announced that it is also sanctioning a U.K.-registered business known as Hypercore, which officials described as a front operation created to mask its ties to Aeza Group — another bulletproof hosting company sanctioned by the United States in July.
British officials said Aeza is connected to the Kremlin-affiliated disinformation group called the Social Design Agency.
These sanctions make it unlawful for individuals or organizations in the United States, United Kingdom, and Australia — or anyone with business ties to those regions — to conduct financial transactions or business activities with any of the listed companies or individuals.
Alongside the sanctions, CISA and the National Security Agency released new guidance on Wednesday offering strategies organizations can use to reduce exposure to threats originating from bulletproof hosting providers, urging stronger monitoring and more proactive defense measures.