Russia Sanctions: US, UK, Australia Target 'Bulletproof' Web Host

International Sanctions Target Russian Cybercrime Infrastructure

The governments of the United States, the United Kingdom, and Australia have jointly imposed sanctions on a Russian web hosting company described as “bulletproof,” alongside several associated entities. These actions are a direct response to allegations that the company facilitated ransomware attacks impacting U.S. victims and vital infrastructure.

U.S. Treasury Department Actions

According to a statement released by the U.S. Treasury on Wednesday, coordinated sanctions have been levied against Media Land, a Russia-based web host, and three of its affiliated companies. The sanctions extend to key executives, including the company’s general director – also identified as Yalishanda – who is accused of supplying servers and technical support to malicious cyber actors.

Authorities assert that Media Land was instrumental in enabling criminal hackers to execute distributed denial-of-service (DDoS) attacks. Ransomware groups with significant notoriety, such as LockBit, BlackSuit, and Play, reportedly utilized the company’s infrastructure for their operations. Furthermore, the Treasury Department indicated that multiple employees within Media Land actively collaborated with cybercriminals.

Understanding “Bulletproof” Hosting

“Bulletproof” hosting providers, and cloud services, advertise their ability to withstand law enforcement intervention. They claim resilience against takedowns and legal requests, making them attractive to cybercriminals seeking to host malicious infrastructure.

U.S. officials emphasized that companies like Media Land provide essential services that empower cybercriminals to target businesses both within the United States and in allied nations. However, the Treasury Department refrained from disclosing the specific identities of the attack victims.

United Kingdom's Response and Kremlin Links

The U.K.’s Foreign Office announced its own designations, targeting Hypercore, a U.K.-based company. Officials allege Hypercore functioned as a front for Aeza Group, another “bulletproof” hosting provider previously sanctioned by the U.S. in July.

The U.K. statement further revealed a connection between Aeza and the Social Design Agency, an organization reportedly linked to Kremlin-backed disinformation campaigns.

Implications of the Sanctions

The imposition of these sanctions legally prohibits citizens, residents, and businesses with ties to the U.S., U.K., and Australia from engaging in any transactions or business dealings with the sanctioned companies and individuals.

Guidance for Organizations

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency jointly released guidance. This document outlines strategies for organizations to mitigate the risks associated with utilizing “bulletproof” hosting providers.