CANBERRA, ACT. — The Australian Government and allies in the United Kingdom and the United States have today jointly sanctioned two Russian men and two companies after international investigations into cybercriminal networks responsible for cyber attacks against Australian and international businesses.
The Australian Government has sanctioned two Russian men, Aleksandr Alexandrovich Volosovik (also known as Yalishanda) and Kirill Andreevich Zatolokin, who operate two companies that have provided services to cybercriminals on the dark web for over ten years.
The sanctioned companies – Media Land LLC and ML.Cloud LLC – provides a service known as ‘bulletproof hosting’, in which cyber criminals pay to use the company’s digital infrastructure to commit sophisticated cybercrimes such as ransomware attacks, malware infections, and scams.
These companies aid criminal activity by deliberately avoiding or ignoring requests from international law enforcement and governments to take down websites conducting illegal activity on their platforms.
Criminal campaigns that targeted Australia, the United States, the European Union, and the United Kingdom using Media Land LLC and ML.Cloud LLC infrastructure included:
Cyber attacks, such as denial-of-service or distributed-denial-of-service attacks, against critical infrastructure, resulting in the disruption and degradation of services;
Malware campaigns targeting Australians and Australian financial institutions;
Ransomware attacks by syndicates including Lockbit, Blacksuit, and Clop against Australian and international businesses, resulting in the exfiltration of data, encryption of systems, and extortion of victims.
Today’s sanctions imposed by the Minister for Foreign Affairs, Senator Penny Wong, on Volosovik, Zatolokin, Media Land LLC and ML.Cloud LLC include financial penalties and travel bans to disrupt criminal activity, expose cybercriminals’ identities, and impose costs and consequences on cybercriminals.
“The Albanese Government is working to strengthen Australia’s resilience and keep Australians safe from cyber criminals.
“Working across government and with international partners, we will continue to take action against Russia, to disrupt cybercrime and hold malicious cyber actors to account,” Senator Wong said.
This is the fifth use of Australia’s cyber sanctions framework against malicious cyber actors and the second time against entities.
These sanctions are supported by the intelligence and investigative capabilities of the Australian Signals Directorate and the AFP under joint standing Operation Aquila and are part of ongoing coordinated international law enforcement action.
Under the cyber sanctions framework, it is a criminal offence for Australians or people in Australia to provide assets to the sanctioned individuals or to deal with Media Land LLC or ML.Cloud LLC.
It is also an offence to use or deal with their assets, including through cryptocurrency wallets or ransomware payments. Any assets owned by the two cybercriminal services or the two men must be frozen.
The maximum penalty for anyone breaching sanctions is 10 years’ imprisonment and/or significant fines.
Home Affairs and Cyber Security Minister Tony Burke said that “We will continue to do everything we can to break down the networks and alienate the individuals who are driving cyber attacks against Australia and Australian interests.”
AFP Cyber Command Assistant Commissioner Richard Chin said the darknet services and the two Russian men helped international cybercriminals attack Australians and steal from innocent victims.
“They provided cybercriminals with a perceived layer of protection by refusing to take down websites with illegal content that had been flagged by international law enforcement agencies and governments,” Assistant Commissioner Chin said.
“The name suggests they are ‘bulletproof’, but our message to cybercriminals is clear – just because you operate on the dark web, it does not mean you are beyond law enforcement and our partners. We can see your criminal activity and we will find you.”
Australia’s Ambassador for Cyber Affairs and Critical Technology, Ms Jess Hunter, said
“The Australian Government was determined to hold malicious cyber actors to account.
“Cyber sanctions work to deter cybercrime and help protect Australians by exposing the activities and identity of malicious cybercriminals operating across jurisdictions, placing them at further risk of detection wherever they may hide.”
For more information on bulletproof hosting providers, read the ASD and AFP joint publication, “Bulletproof” hosting providers: Cracks in the armour of cybercriminal infrastructure.
Watch our cybercrime prevention videos and protect yourself from cybercriminals.
What to do if you’re a victim of a scam
- Stop all communication with the scammer.
- Contact your financial institution if you have transferred money or suspect unusual account activity.
- Report it to the police using Report Cyber.
- Report suspected scams to ScamWatch to help others avoid similar scams.
- If you were contacted via social media, report it to the social media platform.
- Use strong, unique passphrases on your accounts and enable multi-factor authentication wherever possible.
- If you are concerned your identity has been compromised, contact the national identity and cyber support services, IDCARE.
If you or someone you know needs help, we encourage you to contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636. They provide 24/7 support services.
If you are a victim of cybercrime, report it to police via ReportCyber. If there is an immediate threat to life or risk of harm, call 000.
