Allies Sanction Russian Network Behind Major Cyberattacks

The UK, US, and Australia have imposed new sanctions on Media Land, a Russian cybercrime network accused of enabling ransomware, phishing, and other major attacks on UK businesses.

According to the UK Foreign Office, Media Land operated as one of the most significant bulletproof hosting providers, supplying the infrastructure that allowed cybercriminals to hide their activity and launch disruptive campaigns with impunity. 

The action reflects a growing urgency among Western allies to disrupt Russian-linked cyber operations, which cost the UK economy an estimated £14.7 billion in 2024.

“Cyber criminals think that they can act in the shadows, targeting hard working British people and ruining livelihoods with impunity. But they are mistaken – together with our allies, we are exposing their dark networks and going after those responsible,” said Yvette Cooper, UK Foreign Secretary.

How Media Land Powered Global Cybercrime

Media Land is accused of providing bulletproof hosting services — specialized infrastructure designed to avoid detection, resist takedowns, and allow malicious actors to operate anonymously. 

These services enabled ransomware groups such as LockBit, Black Basta, and Evil Corp to conduct attacks against UK businesses, US companies, and critical infrastructure worldwide. 

Bulletproof hosts are known for shielding clients from law enforcement scrutiny, allowing cybercriminals to distribute malware, operate phishing campaigns, launch DDoS attacks, and manage criminal marketplaces.

Australia’s Federal Police reported that Media Land’s infrastructure supported malware distribution and scam campaigns, while the UK’s National Crime Agency linked the network to phishing attacks targeting British organizations. 

By sanctioning Media Land and associated entities, officials aim to prevent Western banks, companies, and individuals from providing financial or technical support — effectively cutting off access to infrastructure used to coordinate cyberattacks. 

A US Treasury statement noted that these sanctions are intended to disrupt Media Land’s longstanding role as a haven for criminal operations.

Global Crackdown Expands Beyond Media Land

This coordinated response represents the third major international action targeting Russian bulletproof hosting providers in 2025. 

Earlier operations sanctioned or dismantled ZServers and Aeza Group, two other hosting platforms implicated in supporting ransomware gangs. 

Aeza Group, which attempted to evade earlier sanctions by rebranding and shifting infrastructure to a UK-based shell company called Hypercore Ltd., has now been targeted again after investigators uncovered continuing attempts to mask its operations.

The UK government stressed that the damage caused by bulletproof hosting providers extends beyond financial loss. 

Some services have supported Kremlin-linked disinformation efforts, including the Social Design Agency, sanctioned in 2024 for spreading propaganda to destabilize Ukraine and other Western democracies.

By disrupting Media Land and its partners, UK officials argue that they are not only protecting British businesses but also countering a broader ecosystem of Russian hybrid warfare.

Impact on UK Businesses  

The UK estimates that cyberattacks facilitated by services like Media Land caused £14.7 billion in economic losses in 2024, representing 0.5% of the nation’s GDP. 

Ransomware remains one of the most destructive threats, often targeting essential services, supply chain partners, and small businesses ill-equipped to recover from major disruptions. 

Officials argue that Russia has become a permissive environment for cybercriminal groups, with many operators maintaining close connections to state-linked entities or enjoying government protection.

Turning Up the Pressure on Bulletproof Hosts

The sanctions against Media Land underscore a growing international willingness to confront cybercrime infrastructure at its source. 

By targeting not only the networks but also the individuals enabling these operations, the UK and its allies aim to disrupt a criminal ecosystem deeply intertwined with Russian strategic interests. 

As Western governments increase pressure on bulletproof hosting providers, their coordinated actions signal that cybercriminals operating in the shadows will face escalating consequences, regardless of where they are based.