The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'
Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
The UK, US, and Australia have imposed sanctions on a Russian cyber crime group offering so-called 'bulletproof' hosting services for hackers worldwide.
Media Land provides online infrastructure to support ransomware and phishing operations, and is believed to have played a key role in a spate of devastating cyber attacks in recent years.
Ransomware victims of the outfit include UK critical national infrastructure organizations and it's also been used for malware and phishing campaigns targeting UK taxpayers.
In the US, Media Land infrastructure has been used in distributed denial of service (DDoS) attacks against companies and critical infrastructure. Meanwhile, in Australia, the group has helped criminals to carry out attacks against financial institutions, businesses, their customers, and critical infrastructure.
"Cyber criminals think that they can act in the shadows, targeting hard working British people and ruining livelihoods with impunity," said UK foreign secretary Yvette Cooper.
"But they are mistaken – together with our allies, we are exposing their dark networks and going after those responsible."
The measures target Media Land’s ringleader, Alexander Volosovik, also known as Yalishanda, who has been active since at least 2010 and is known to have worked with some of the most notorious cyber criminal groups, including Evil Corp, LockBit, and Black Basta.
Also sanctioned is Kirill Zatolokin, a Media Land employee responsible for collecting payment from customers and coordinating with other cyber actors, as well as Yulia Pankova, who has helped Volosovik with legal issues and handled his finances.
Sanctions target Media Land sister outfits
The sanctions also target ML Cloud, a Media Land sister company whose technical infrastructure is often used in conjunction with Media Land, including in ransomware and DDoS attacks.
Hypercore, a UK company registered and utilized by Aeza Group, has also been targeted in the international campaign.
The sanctions block access to any assets held in the sanctioning countries, and bar businesses and individuals there from engaging with the listed entities or people. Financial institutions that violate these restrictions can face penalties themselves.
"These sanctions don’t just impose costs on criminals, they dismantle the infrastructure that enables cyber crime," said Australian deputy prime minister Richard Marles.
"By disrupting these networks, we make it harder for others to launch attacks and it strengthens Australia’s resilience against future threats."
Will the sanctions work?
The move marks the latest in a string of actions by governments to crack down on cyber crime-related hosting services.
In July this year, the US Treasury announced plans to impose sanctions on Azea Group, another bulletproof hosting service for its activities. US officials revealed the group has been selling access to specialized services and infrastructure used in a series of ransomware and infostealer malware campaigns.
While this fresh crackdown has been welcomed by security industry stakeholders, John Binns, partner and head of the sanctions practice at BCL Solicitors, said these typically have a limited effect.
"The evidential threshold for designation under the regulations is significantly lower than any in the criminal process, and the real-world impact on sophisticated actors operating primarily in hostile jurisdictions can be modest," he said.
"While sanctions are undoubtedly a valuable addition to the law-enforcement toolkit against transnational cyber crime, they deliver a form of administrative rather than criminal justice and are best viewed as potentially complementing - rather than supplanting - efforts to secure arrests, prosecutions, and asset forfeiture through the courts."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Russia is targeting unpatched vulnerabilities – what can tech leaders do to shore up defenses?
- Are we in a cyber awareness crisis?
- Enterprises need to acknowledge the importance of basic cyber hygiene
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Claude users beware, hackers are using a fake website to dupe developers and deliver malwareNews 'Beagle' is deployed through a Dynamic Link Library (DLL) sideloading chain, and gives attackers remote access to the system
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
North Korean hackers are duping freelance developers with fake interviews to steal cryptocurrency and deliver malware — Sophos warns the 'Nickel Alley' group is using LinkedIn, Upwork, and Fiverr to target victimsNews A fake interview process uses coding tests and repo downloads to deliver malware
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Tycoon 2FA is down, but not out – researchers warn the phishing as a service operation is still a huge threat to businessesNews Millions of Tycoon 2FA attacks are still hitting businesses, according to research from Barracuda
-
Security leaders overconfident about ransomware recoveryNews Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
