top of page
Search

Coordinated Crackdown: Five Eyes Target Bulletproof Hosting Providers Enabling Ransomware Operations

  • Nov 20, 2025
  • 2 min read

Key Findings


  • The U.S. Treasury Department, along with officials from the U.K. and Australia, imposed sanctions on two Russian bulletproof hosting providers and their key personnel.

  • The targeted providers, Media Land and its subsidiaries, are accused of supporting ransomware operations and other cybercrime activities.

  • The sanctions also targeted individuals and companies that helped the previously sanctioned Aeza Group evade sanctions and reconstitute their operations.

  • Cybercrime authorities from the Five Eyes alliance and the Netherlands released a mitigation guide to help defenders thwart cybercrime enabled by bulletproof hosting infrastructure.


Background


  • Bulletproof hosting providers sell specialized servers and infrastructure designed to evade detection and law enforcement efforts, enabling various cybercrime activities.

  • Media Land, a St. Petersburg-based bulletproof hosting provider, has been used by major ransomware groups like LockBit, BlackSuit, and Play.

  • Media Land's infrastructure has also supported DDoS attacks on U.S. companies and critical infrastructure.


Sanctions on Media Land


  • OFAC designated Media Land, its general director Aleksandr Volosovik, employee Kirill Zatolokin, and other affiliated entities for contributing to cyber activities threatening U.S. national security.

  • Yulia Pankova was designated for assisting Volosovik financially and legally.

  • Subsidiaries Media Land Technology and Data Center Kirishi were also sanctioned as entities controlled by Media Land.


Targeting Aeza Group's Evasion Efforts


  • After Aeza Group and its leaders were sanctioned in 2025, the group launched a rebranding effort to hide its links to new infrastructure.

  • The latest sanctions target companies and individuals, such as Hypercore Ltd., Maksim Makarov, and Ilya Zakirov, for helping Aeza Group evade the previous sanctions.

  • Smart Digital Ideas (Serbia) and Datavice (Uzbekistan) were also designated for supporting or being controlled by Aeza.


Mitigation Efforts


  • Cyber authorities from the Five Eyes alliance and the Netherlands released a mitigation guide to help defenders thwart cybercrime enabled by bulletproof hosting infrastructure.

  • The guide urges ISPs and network defenders to block malicious IP ranges and addresses, supported by curated threat lists and other security measures.

  • Disrupting bulletproof hosting services requires a nuanced approach, as they are integrated into legitimate internet infrastructure, and actions may impact legitimate activity.


Sources


  • https://cyberscoop.com/bulletproof-hosting-providers-sanctions-mitigation-media-land/

  • https://securityaffairs.com/184871/cyber-crime/coordinated-sanctions-hit-russian-bulletproof-hosting-providers-enabling-top-ransomware-ops.html

  • https://x.com/fridaysecurity/status/1991259455258755160

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page