
Federal prosecutors on Tuesday unsealed an indictment against three Russians associated with a bulletproof hosting provider sanctioned by the U.S. and two allies in November. The U.S. government also posted a reward of up to $10 million for information in the case.
The Russians face multiple charges for allegedly providing cybercriminals with infrastructure and tech support through the St. Petersburg-based business Media Land and a sister company, ML Cloud.
Aleksandr Volosovik aka “Yalishanda,” owned Media Land, while Yulia Pankova owned ML Cloud, prosecutors said Tuesday. The third defendant, Kirill Zatolokin, was responsible for collecting payments for Media Land and coordinating services with cybercriminals, authorities said in announcing the sanctions last year.
The indictment, filed in December 2024, accuses all three with conspiracy to commit and aid and abet computer fraud; conspiracy to commit wire fraud; wire fraud; and conspiracy to commit money laundering. Bulletproof hosting services promise to help criminals evade law enforcement.
The document cites 44 unnamed victims who suffered $62 million in losses from cybercriminal groups aided by Media Land and ML Cloud.
“From their overseas safe haven, these defendants ran the criminal infrastructure that powered attacks on critical institutions across our nation,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Their actions put the American public at risk.”
Volosovik, Pankova and Zatolokin are known residents of St. Petersburg, authorities said. Russia and the U.S. do not have an extradition treaty. Moscow recently warned Russians not to travel to countries that routinely send criminal suspects to the U.S.
The State Department’s announcement of the $10 million bounty under its Rewards for Justice program emphasizes the search for information about foreign government links to the activities of Media Land and ML Cloud.
Cybercrime gangs and fraud forums
Ransomware groups such as Lockbit, BlackSuit and Play were among those using services from Media Land and ML Cloud, authorities said in December. A third business sanctioned at the time, Data Center Kirishi, is not mentioned in the indictment.
Cybercrime marketplaces such as Briansclub, Cardhouse, crdclub, Club2crd, Verified, Fullzinfo, Swipestore and Bidencash have used Media Land infrastructure, prosecutors said. Those forums all specialized in stolen credit card information. An international operation took down Bidencash last year.
In addition to the U.K. and Australia, agencies from the Netherlands assisted in the investigation, U.S. prosecutors said Tuesday.
“This action reflects the strength of close collaboration between international partners to identify, disrupt, and bring cybercriminals to justice,” said Paul Foster, director of the U.K.’s National Cyber Crime Unit, in a statement released with the U.S. announcement.
Recorded Future
Intelligence Cloud.