UK National Crime Agency and partners in the Anglophone Five Eyes intelligence alliance carried out several strikes against so-called “bulletproof” hosting services Media Land and ML Cloud, which protected their clients, including ransomware gangs such as Black BastaEvil Corporation and Lockbitfrom detection.
The two organizations are believed to be part of a Russia-based operation run by a man named Alexander Volosovik (aka Yalishanda), who has been described as a “critical enabler” of global cybercrime.
They are accused of supporting large-scale ransomware campaigns and other malicious activities that cause financial loss, business disruption and reputational damage to brick-and-mortar businesses around the world.
The NCA said these actions complement its strategy to target key drivers of the ransomware ecosystem that enable criminal activity and lower the barrier to entry for cybercriminals.
“Bulletproof hosting is a key component of the cybercrime ecosystem, providing a digital safe haven for cybercriminals who may prove resistant to law enforcement,” said NCA Deputy Director Paul Foster, Head of the National Cybercrime Unit.
“Services like Media Land… are critical tools for cybercriminals, so sanctions like today's against Media Land will limit their ability to plan, launch and monetize criminal schemes.
“This action will help law enforcement break down the bulletproof shield provided by illicit hosting services, which will help degrade the cybercrime ecosystem on which nefarious actors depend.”
Volosovik and two of his associates came under sanctions Foreign, Commonwealth and Development Office (FCDO) in the UK, US Treasury Office of Foreign Assets Control (OFAC) and Australia Department of Foreign Affairs and Trade (DFAT).
Two other individuals were named by the US as Kirill Zatolokin, who was allegedly responsible for collecting payments and communicating with other cybercriminals, and Yulia Pankova, who allegedly provided legal and financial support for the operation.
“These so-called bulletproof hosting providers like Media Land provide cybercriminals with essential services that help them attack businesses in the United States and allied countries,” said John Hurley, Treasury Under Secretary for Counterterrorism and Financial Intelligence.
“Today’s trilateral action with Australia and the UK, in coordination with law enforcement partners, demonstrates our collective commitment to combating cybercrime and protecting our citizens.”
Maintaining pressure
At the same time, US authorities continue to pursue another bulletproof service, Aeza, which came under sanctions in early July.
Since then, OFAC said, the service's leadership has embarked on a major rebranding effort aimed at decoupling Aeza from its technical infrastructure. However, if you look at them vigilantly, it seems to have been in vain.
The United States has now imposed sanctions on two individuals: Maxim Vladimirovich Makarov, the newly appointed director of Aeza, and Ilya Vladislavovich Zakirov, who is accused of facilitating the creation of new shell companies and payment methods to conceal the work of Aeza.
He also prosecuted three companies over ties to Aeza. Two of them, Smart Digital Ideas DOO and Datavice MCHJ, are based in Serbia and Uzbekistan and are allegedly used to evade sanctions against Russia and operate technical infrastructure not associated with the Aeza name.
The third, however, is a British company called Hypercore Ltd, which the US says was created earlier in 2025 with the intention of being used to move Aeza's IP infrastructure and evade sanctions.
