US Charges Two Bulletproof Hosting Firms for Aiding Cybercrime
Key Takeaways The U.S. Department of Justice has indicted three Russian nationals and two Russia-based “bulletproof hosting” companies. These entities are accused of enabling cybercrimes...
Key Takeaways
- The U.S. Department of Justice has indicted three Russian nationals and two Russia-based “bulletproof hosting” companies.
- These entities are accused of enabling cybercrimes that caused over $62 million in losses to 42 organizations across 21 U.S. states.
- The charges include conspiracy to commit computer fraud, wire fraud, and money laundering.
- The State Department is offering a $10 million reward for information connecting the defendants to foreign governments, following sanctions by the U.S. Treasury and international allies.
The U.S. Department of Justice has unsealed an indictment in the Northern District of Ohio, bringing charges against three Russian individuals and two Russia-based “bulletproof hosting” firms. These entities are alleged to have facilitated extensive cybercriminal activities, resulting in tens of millions of dollars in losses for victims throughout the United States.
Table Of Content
The indictment, initially filed in December 2024, outlines serious charges, including conspiracy to commit and aid computer fraud, wire fraud, and money laundering. The individuals and companies named are:
- Alexander Alexandrovich Volosovik (43), residing in St. Petersburg, Russia.
- Kirill Andreevich Zatolokin (34), residing in St. Petersburg, Russia.
- Yulia Vladimirovna Pankova (29), residing in St. Petersburg, Russia.
- Medialand LLC, based in St. Petersburg, Russia.
- ML.Cloud LLC, based in St. Petersburg, Russia.
U.S. Targets Bulletproof Hosting Operations
Prosecutors contend that Medialand, owned by Volosovik, and ML.Cloud, which Pankova owned during the investigative period, supplied specialized server infrastructure designed to evade law enforcement intervention. Volosovik reportedly promoted these services on illicit online forums, advertising resilient setups across various global jurisdictions.
Co-conspirators reportedly utilized these robust hosting configurations to deploy diverse malware strains, conduct cryptocurrency extortion schemes, host illegal online marketplaces, and execute automated brute-force attacks. The infrastructure footprint observed in these operations bears similarities to those previously associated with Onyx ransomware activities.
Further details on the criminal infrastructure, operational tracking, and specific charging documents are available in the official DOJ release.
Court documents indicate that the cybercriminal operations impacted 42 distinct organizations across 21 U.S. states. The targets spanned critical public sectors, including healthcare providers, financial institutions, educational establishments, media organizations, and government systems.
International Cooperation and Sanctions
In conjunction with the criminal charges, the U.S. State Department’s Rewards for Justice program announced a reward of up to $10 million for information linking the indicted individuals or their companies to foreign government entities. This action follows a series of coordinated restrictions implemented in November 2025 by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), which fully sanctioned all three individuals, Medialand’s subsidiaries (Media Land Technology and Data Center Kirishi), and its sister company ML.Cloud.
The United Kingdom’s Foreign Commonwealth and Development Office fully endorsed the sanctions package, while Australia’s Department of Foreign Affairs and Trade enacted corresponding partial measures.
The multi-agency investigation was led by the FBI Cleveland Division, with operational support from CISA, OFAC, and international law enforcement partners, including the Dutch National Police, the UK National Crime Agency, and the Australian Federal Police. This initiative falls under Operation Riptide, the FBI’s broader campaign against the cybercrime economy, launched in response to a 26% year-over-year surge in domestic cyber losses, now totaling $20 billion annually.
What You Should Do
- Continuously audit inbound network traffic for suspicious activity and anomalies.
- Implement robust intrusion detection and prevention systems to identify and block automated access threats.
- Monitor systems for indicators of compromise (IoCs) that resemble infrastructure used by malware like gitpaste-12 or other known cybercriminal operations.
- Ensure all network devices and servers are regularly patched and configured with strong security controls.
- Conduct regular security awareness training for employees, especially regarding phishing and social engineering tactics.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.