Decoding the world of cybersecurity

US indicts alleged bulletproof hosting operators

US prosecutors have unsealed charges against three Russian nationals and two companies accused of providing infrastructure used in cybercrime affecting international victims.

US indicts alleged bulletproof hosting operators
Summary
  • The US Department of Justice unsealed an indictment against three Russian nationals, Media Land, and ML.Cloud.
  • Prosecutors allege the defendants provided infrastructure used in malicious cyber activity affecting critical infrastructure and international victims.
  • The case has European relevance through alleged infrastructure links and cooperation involving Dutch and UK authorities.

The US Department of Justice has unsealed an indictment against three Russian nationals and two companies accused of providing infrastructure for malicious cyber activity, in a case that reaches into international hosting, enforcement, and cybercrime enablement.

The indictment names Alexander Alexandrovich Volosovik, Kirill Andreevich Zatolokin, Yulia Vladimirovna Pankova, Media Land LLC, and ML.Cloud LLC. Prosecutors say the defendants were charged with conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. The charges were returned by a federal grand jury in December 2024 and unsealed on 14 July 2026.

The DOJ says the case concerns malicious cyber activities affecting US critical infrastructure and victims in several countries, with losses amounting to tens of millions of dollars. The State Department’s Rewards for Justice programme is offering a reward of up to $10 million for actionable information on foreign government-linked associates of the named individuals, their malicious cyber activities, or foreign government-linked use of Media Land or ML.Cloud.

The allegations remain unproven unless established in court. That distinction is important where defendants may be outside US custody and arrest or extradition is uncertain. The indictment still provides a useful view of how prosecutors and law enforcement agencies are applying pressure to the infrastructure layer that supports cybercrime.

Bulletproof hosting sits close to the supply side of ransomware, malware deployment, credential theft, command and control, phishing, and data exfiltration. Providers do not need to conduct every intrusion themselves to be operationally important. Resilient servers, ignored abuse complaints, customer anonymity, and fast infrastructure movement can lower the cost and increase the durability of criminal campaigns.

The European connection is material. The DOJ says Media Land’s infrastructure operated out of multiple countries, including Finland and the Netherlands, and wider enforcement activity around Russian cybercrime infrastructure has involved UK, Dutch, EU, and allied authorities. European organisations experience the impact through ransomware downtime, stolen credentials, fraudulent payments, data theft, and supplier disruption, even when the infrastructure provider is several legal steps away from the victim.

The indictment fits a wider pattern of law enforcement and sanctions activity against enabling services. Governments are increasingly targeting hosting providers, VPN services, malware obfuscation providers, payment channels, and administrators who support criminal operations. That approach recognises that ransomware and cyber extortion rely on infrastructure ecosystems, not only named intrusion groups.

Enterprise exposure comes through the operational layer. If a hosting provider enables malware delivery, command infrastructure, or data staging, organisations may see the result as business interruption, regulatory disclosure, recovery cost, or customer harm. The provider’s distance from the victim does not reduce the operational damage.

The DOJ’s Media Land indictment notice records another attempt to pursue the suppliers behind cybercrime. The case points to a mature criminal market with infrastructure, services, customers, administrators, and commercial incentives that law enforcement is trying to disrupt.

×