GBHackers

3 Russian Nationals Indicted for Running Bulletproof Hosting Network Behind $62 Million Cyberattacks


Three Russian nationals and two St. Petersburg-based companies have been indicted in the United States for allegedly operating a bulletproof hosting network that facilitated ransomware, malware, phishing, and other cyberattacks, resulting in over $62 million in losses for victims.

The indictment, which was unsealed on July 14 in the Northern District of Ohio, charges Alexander Alexandrovich Volosovik, Kirill Andreevich Zatolokin, and Yulia Vladimirovna Pankova, along with the companies Medialand LLC and ML.Cloud LLC. The defendants face charges that include conspiracy to commit and aid and abet computer fraud, wire fraud, and money laundering.

3 Russian Nationals Indicted

According to court documents, Medialand, owned by Volosovik, and ML.Cloud, which Pankova owned during the investigation and indictment, allegedly supplied infrastructure specifically suited to criminal customers. The companies provided servers and associated internet services from St. Petersburg.

At the same time, Medialand also operated infrastructure in China, Finland, the Netherlands, and the United States. Prosecutors said the companies functioned as bulletproof hosting providers, services that knowingly market infrastructure to cybercriminals and help them resist abuse complaints, takedown efforts, and law-enforcement scrutiny.

The infrastructure allegedly supported a broad range of malicious activity. Criminal clients reportedly used Medialand and ML.Cloud services to distribute malware and ransomware, compromise victim systems, and extort organizations for cash and cryptocurrency payments.

The indictment also alleges that the companies facilitated criminal marketplaces, fraudulent domain registrations, phishing operations, and brute-force attacks.

Volosovik allegedly promoted the services on cybercriminal forums, advertising features designed to appeal to actors seeking resilient, anonymous infrastructure for illicit operations.

Authorities identified 424242 victims across 212121 U.S. states, including banks, educational institutions, government agencies, hospitals, and media organizations.

The alleged activity demonstrates how bulletproof hosting operators can act as an enabling layer in the cybercrime ecosystem: rather than directly deploying ransomware or conducting intrusions, they provide the compute, network, and domain infrastructure attackers need to host payloads, run command-and-control servers, operate phishing kits, and maintain criminal platforms.

The announcement coincides with a new U.S. State Department Rewards for Justice offer of up to $ 10 million, plus possible relocation, for actionable information regarding foreign government-linked associates of the three defendants, their malicious cyber operations, or the foreign government-linked use of Media Land and ML.Cloud.

The reward specifically seeks intelligence that could expose links between the hosting providers and foreign state-backed cyber activity.

The Justice Department also noted that the defendants and associated entities were sanctioned by the Treasury Department’s Office of Foreign Assets Control in November 2025.

The measures block property under U.S. jurisdiction and prohibit U.S. persons from conducting transactions with the sanctioned individuals and companies. The United Kingdom fully joined the sanctions, while Australia imposed related measures against elements of the network.

The FBI Cleveland Division led the investigation with support from CISA, OFAC, Dutch, British, and Australian authorities.

The case forms part of Operation Riptide, the FBI’s ongoing effort to target cybercriminal infrastructure, financial networks, and operators behind cyber-enabled fraud. The allegations remain unproven, and all defendants are presumed innocent unless convicted in court.

Gain browser-level visibility to expose decrypted phishing pages, speed investigations, and cut credential theft costs -> Power your SOC with ANY.RUN



Source link