US, UK, Australia Sanction Russian 'Bulletproof' Web Host

The United States, United Kingdom, and Australia have jointly imposed sanctions on Media Land, a Russian-based ‘bulletproof’ web hosting company, and several associated firms. These actions target entities allegedly instrumental in facilitating ransomware attacks against U.S. victims and critical infrastructure. The coordinated sanctions, announced by the U.S. Treasury on Wednesday, also extend to key executives, including Media Land's general director, known as Yalishanda, who is accused of providing essential server infrastructure and technical support to cybercriminals.

According to officials, criminal hacker groups utilized Media Land's services to launch distributed denial-of-service (DDoS) attacks. Prominent ransomware gangs, such as LockBit, BlackSuit, and Play, reportedly leveraged its infrastructure for their malicious operations. The Treasury further indicated that multiple Media Land employees actively coordinated with these cybercriminal organizations.

What is 'Bulletproof' Hosting?

‘Bulletproof’ hosting providers are web hosts and cloud companies that market their services as highly resistant or impervious to law enforcement intervention, including takedowns or legal demands. This resilience makes them a preferred choice for cybercriminals seeking to host their malicious infrastructure without fear of disruption.

U.S. officials emphasized that hosting companies like Media Land offer crucial services that enable cybercriminals to target businesses in the United States and its allied nations. However, the Treasury Department did not disclose specific victims of these attacks.

In a parallel move, the U.K.'s Foreign Office announced its own designation of Hypercore, a U.K.-based company. Officials identified Hypercore as a front company for Aeza Group, another ‘bulletproof’ hosting provider that had previously been sanctioned by the U.S. in July. The U.K.'s statement further asserted that Aeza Group has ties to a Kremlin-backed disinformation entity known as the Social Design Agency.

These sanctions effectively prohibit citizens, residents, and entities with business ties to the U.S., U.K., and Australia from engaging in any transactions or business dealings with the designated companies and individuals involved in cybercrime.

To help organizations protect themselves, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued joint guidance on Wednesday. This guidance outlines strategies for mitigating the risks associated with ‘bulletproof’ hosting providers.