WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC), Australia’s Department of Foreign Affairs and Trade, and the United Kingdom’s Foreign Commonwealth and Development Office are announcing coordinated sanctions targeting Media Land, a Russia-based bulletproof hosting (BPH) service provider, for its role in supporting ransomware operations and other forms of cybercrime. OFAC is also designating three members of Media Land’s leadership team and three of its sister companies in coordination with the Federal Bureau of Investigation.
BPH service providers sell access to specialized servers and other computer infrastructure specifically designed to evade detection and defy law enforcement efforts to disrupt malicious cyber activities.
In addition, OFAC and the United Kingdom are designating Hypercore Ltd., a front company of Aeza Group LLC (Aeza Group), a BPH service provider designated by OFAC earlier this year. OFAC, in coordination with its UK partners, is also designating two additional individuals and two entities that have led, materially supported, or acted for Aeza Group.
“These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “Today’s trilateral action with Australia and the United Kingdom, in coordination with law enforcement partners, demonstrates our collective commitment to combatting cybercrime and protecting our citizens.”
Media Land: a key Launching pad for ransomware
Media Land LLC (Media Land), headquartered in St. Petersburg, Russia, has provided BPH services to criminal marketplaces and ransomware actors, including prolific ransomware actors such as Lockbit, BlackSuit, and Play. Media Land infrastructure was also utilized in multiple distributed denial-of-service (DDOS) attacks against U.S. victim companies and critical infrastructure.
ML Cloud is a Media Land sister company whose technical infrastructure is often used in conjunction with Media Land, including in ransomware and DDOS attacks.
Aleksandr Volosovik (Volosovik) is the general director of Media Land and has frequently advertised the Media Land business on cybercriminal forums under the alias “Yalishanda.” He has provided servers and conducted troubleshooting for ransomware and DDOS actors.
Kirill Zatolokin (Zatolokin) is a Media Land employee who is responsible for collecting payment from customers and coordinating with other cyber actors. He also works closely with Volosovik on Media Land’s overall operations.
OFAC is designating Media Land, ML Cloud, Volosovik, and Zatolokin pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, E.O. 14144, and E.O. 14306 (“E.O. 13694, as further amended”), for being responsible or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve causing a disruption to the availability of a computer or network of computers or compromising the integrity of the information stored on a computer or network of computers.
Yulia Pankova (Pankova) is aware of Volosovik’s illicit activity, has assisted Volosovik with legal issues, and has handled his finances. OFAC is designating Pankova pursuant to E.O. 13694, as further amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods, and services to or in support of, Volosovik.
Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi) are 100 percent-owned subsidiaries of Media Land. OFAC is designating MLT and DC Kirishi pursuant to E.O. 13694, as further amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Media Land.
Maintaining Pressure on Aeza Group
After OFAC’s designations of Aeza Group (Aeza) and its leadership on July 1, 2025, Aeza leadership initiated a rebranding strategy focusing on removing any connections between Aeza and their new technical infrastructure. OFAC’s designations today serve as a reminder that OFAC will take all possible steps to counter sanctions evasion activity by malicious cyber actors and their enablers.
Hypercore Ltd. (Hypercore) is a UK company registered and utilized by Aeza Group after its designation to move its IP infrastructure and evade sanctions. OFAC is designating Hypercore pursuant to E.O. 13694, as further amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Aeza.
Maksim Vladimirovich Makarov (Makarov) is the new director of Aeza. He has made key decisions regarding Aeza Group’s attempt to evade sanctions. OFAC is designating Makarov pursuant to E.O. 13694, as further amended for being a leader, official, senior executive officer, or member of the board of directors of Aeza.
Ilya Vladislavovich Zakirov (Zakirov) helped establish new companies and payment methods to obfuscate Aeza’s continuing activity. OFAC is designating Zakirov pursuant to E.O. 13694, as further amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, Aeza.
Smart Digital Ideas DOO (Smart Digital) and Datavice MCHJ (Datavice) and are Serbian and Uzbek companies utilized by Aeza to evade sanctions and set up technical infrastructure that is not publicly associated with the Aeza brand.
OFAC is designating Smart Digital pursuant to E.O. 13694, as further amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support, of Aeza.
OFAC is designating Datavice pursuant to E.O. 13694, as further amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Aeza.
Additionally, the Cybersecurity and Infrastructure Security Agency, in conjunction with law enforcement and international partners, released guidance with further information on how to mitigate risks presented by bulletproof hosting providers. For further information, please click here.
SANCTIONS IMPLICATIONS
As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.
In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person.
Violations of OFAC regulations may result in civil or criminal penalties. OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. sanctions, including the factors that OFAC generally considers when determining an appropriate response to an apparent violation.
The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.
Click here for more information on the individuals and entities designated today.