The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'
Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
The UK, US, and Australia have imposed sanctions on a Russian cyber crime group offering so-called 'bulletproof' hosting services for hackers worldwide.
Media Land provides online infrastructure to support ransomware and phishing operations, and is believed to have played a key role in a spate of devastating cyber attacks in recent years.
Ransomware victims of the outfit include UK critical national infrastructure organizations and it's also been used for malware and phishing campaigns targeting UK taxpayers.
In the US, Media Land infrastructure has been used in distributed denial of service (DDoS) attacks against companies and critical infrastructure. Meanwhile, in Australia, the group has helped criminals to carry out attacks against financial institutions, businesses, their customers, and critical infrastructure.
"Cyber criminals think that they can act in the shadows, targeting hard working British people and ruining livelihoods with impunity," said UK foreign secretary Yvette Cooper.
"But they are mistaken – together with our allies, we are exposing their dark networks and going after those responsible."
The measures target Media Land’s ringleader, Alexander Volosovik, also known as Yalishanda, who has been active since at least 2010 and is known to have worked with some of the most notorious cyber criminal groups, including Evil Corp, LockBit, and Black Basta.
Also sanctioned is Kirill Zatolokin, a Media Land employee responsible for collecting payment from customers and coordinating with other cyber actors, as well as Yulia Pankova, who has helped Volosovik with legal issues and handled his finances.
Sanctions target Media Land sister outfits
The sanctions also target ML Cloud, a Media Land sister company whose technical infrastructure is often used in conjunction with Media Land, including in ransomware and DDoS attacks.
Hypercore, a UK company registered and utilized by Aeza Group, has also been targeted in the international campaign.
The sanctions block access to any assets held in the sanctioning countries, and bar businesses and individuals there from engaging with the listed entities or people. Financial institutions that violate these restrictions can face penalties themselves.
"These sanctions don’t just impose costs on criminals, they dismantle the infrastructure that enables cyber crime," said Australian deputy prime minister Richard Marles.
"By disrupting these networks, we make it harder for others to launch attacks and it strengthens Australia’s resilience against future threats."
Will the sanctions work?
The move marks the latest in a string of actions by governments to crack down on cyber crime-related hosting services.
In July this year, the US Treasury announced plans to impose sanctions on Azea Group, another bulletproof hosting service for its activities. US officials revealed the group has been selling access to specialized services and infrastructure used in a series of ransomware and infostealer malware campaigns.
While this fresh crackdown has been welcomed by security industry stakeholders, John Binns, partner and head of the sanctions practice at BCL Solicitors, said these typically have a limited effect.
"The evidential threshold for designation under the regulations is significantly lower than any in the criminal process, and the real-world impact on sophisticated actors operating primarily in hostile jurisdictions can be modest," he said.
"While sanctions are undoubtedly a valuable addition to the law-enforcement toolkit against transnational cyber crime, they deliver a form of administrative rather than criminal justice and are best viewed as potentially complementing - rather than supplanting - efforts to secure arrests, prosecutions, and asset forfeiture through the courts."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Russia is targeting unpatched vulnerabilities – what can tech leaders do to shore up defenses?
- Are we in a cyber awareness crisis?
- Enterprises need to acknowledge the importance of basic cyber hygiene
-
78% of UK manufacturers have experienced a cyber incident in the last yearNews Last year's attack on Jaguar Land Rover shows the costs can be very significant indeed
-
Claude Code creator confirms cause of massive source code leakNews Over half a million lines of Claude Code source code was leaked, with the company attributing the blunder to human error
-
‘The build pipeline is becoming the new frontline’: Axios npm compromise highlights growing software supply chain risks, experts warnNews Cyber criminals exploited a hijacked maintainer account to compromise one of the world's most widely used JavaScript libraries
-
Interpol teams up with tech firms to seize 45,000 malicious IPs, servers in global cyber crime crackdownNews Operation Synergia III saw 94 arrests - and counting - with malicious IP addresses used in phishing and fraud schemes seized
-
'It's destructive, not ransomware': Security experts weigh in on motivation behind Stryker cyber attackNews The attack on medical tech company Stryker has severely impacted operations globally
-
Thousands of Asus routers are being used to fuel a massive cyber crime spreeNews Black Lotus Labs has spotted a massive botnet of Asus routers built by malware that uses a common peer networking tool
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in lifeNews With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Cloudflare warns state-backed hackers are ‘weaponizing legitimate enterprise ecosystems’ as ‘living off the land’ attacks surge
News Chinese, North Korean, and Russian-backed threat groups now favor longer-term compromises over brute force attacks
-
DIY hackers are turning to ‘flat-pack’ malware components to speed up attacks and cut costsNews While these malware campaigns are very basic, researchers noted “they still work”
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
