United States joins allies in sanctioning Russian firms aiding ransomware operations

Scott Bessent Secretary - U.S. Department Of Treasury

The United States, Australia, and the United Kingdom have announced coordinated sanctions targeting Russian cybercrime infrastructure. The Department of the Treasury’s Office of Foreign Assets Control (OFAC), together with Australia’s Department of Foreign Affairs and Trade and the United Kingdom’s Foreign, Commonwealth and Development Office, sanctioned Media Land, a bulletproof hosting (BPH) service provider based in Russia. OFAC also designated three members of Media Land’s leadership team and three sister companies in coordination with the Federal Bureau of Investigation.

Bulletproof hosting providers supply servers and computer infrastructure designed to evade detection by law enforcement, making them attractive to cybercriminals involved in ransomware operations.

Additionally, OFAC and the UK designated Hypercore Ltd., identified as a front company for Aeza Group LLC, another BPH provider previously sanctioned by OFAC. Two more individuals and two entities linked to Aeza Group were also targeted for their roles in supporting or acting on behalf of Aeza Group.

Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley stated: “These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries. Today’s trilateral action with Australia and the United Kingdom, in coordination with law enforcement partners, demonstrates our collective commitment to combatting cybercrime and protecting our citizens.”

Media Land LLC is headquartered in St. Petersburg, Russia, and has provided BPH services to criminal marketplaces as well as ransomware actors such as LockBit, BlackSuit, and Play. Its infrastructure was reportedly used in distributed denial-of-service attacks against U.S. companies and critical infrastructure.

ML Cloud, a sister company of Media Land, often works alongside it during ransomware or DDoS attacks. Aleksandr Volosovik serves as general director of Media Land; he has promoted its services under an alias on cybercriminal forums while providing technical support to ransomware actors.

Another employee, Kirill Zatolokin, collects payments from customers and coordinates operations with other cyber actors while working closely with Volosovik.

OFAC designated Media Land, ML Cloud, Volosovik, and Zatolokin pursuant to Executive Order 13694 (as amended), citing their involvement or complicity in cyber-enabled activities that threaten U.S. national security or economic stability.

Yulia Pankova was also designated for assisting Volosovik with legal issues and managing his finances. Subsidiaries Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi) were included for being owned by Media Land.

Following previous sanctions on Aeza Group on July 1, 2025, Aeza leadership attempted rebranding efforts to obscure ties between its old identity and new technical infrastructure. The latest designations aim to counter these evasion tactics.

Hypercore Ltd., registered in the UK after Aeza’s earlier designation to facilitate shifting IP infrastructure away from scrutiny, was sanctioned for acting on behalf of Aeza Group. Maksim Vladimirovich Makarov became director after these changes; Ilya Vladislavovich Zakirov helped establish new companies to mask ongoing activity.

Aeza Group also used Serbian company Smart Digital Ideas DOO (Smart Digital) and Uzbek firm Datavice MCHJ (Datavice) to evade sanctions by setting up new technical infrastructure not publicly tied to its brand; both are now subject to U.S. sanctions measures.

The Cybersecurity and Infrastructure Security Agency released guidance jointly with international partners about mitigating risks associated with bulletproof hosting providers.

As a result of these actions:
– All property or interests belonging to those designated that fall within U.S. jurisdiction are blocked.
– Entities majority-owned by blocked persons are also covered.
– U.S. persons generally cannot conduct transactions involving assets connected to those listed unless authorized by OFAC.
– Financial institutions engaging in certain transactions may face penalties or enforcement actions.
– Civil or criminal penalties may be imposed for violations; more information is available via OFAC’s Economic Sanctions Enforcement Guidelines.
– Persons seeking removal from sanction lists can refer to official OFAC resources detailing procedures.


