UK smashes Russian cybercrime networks responsible for attacks on UK businesses

25th November 2025

The UK, US and Australia yesterday announced new sanctions targeting Media Land, a Russian cyber crime group providing so-called 'bulletproof' hosting services.

New sanctions target the Media Land cybercrime syndicate responsible for facilitating cyber-attacks on UK-based companies.

Foreign Secretary announces latest crack down on illicit cyber activity globally, as cyber-attacks cost the UK economy £14.7 billion in 2024.
Yesterday's coordinated action with Australia and the United States demonstrates the UK's ongoing commitment to tackling malicious Russian cyber activity.

Illicit Russian networks enabling cyber-attacks round the world were yesterday exposed and sanctioned by the UK, in latest crack down on malicious Russian cybercrime.

Yesterday's action targets Media Land, one of the most significant operators of so-called "bulletproof" hosting services, which provides online infrastructure that enables cyber criminals to engage in illegal activity, including ransomware and phishing attacks.

These shadowy online networks allow cyber criminals and malicious actors to think they can act with impunity and destroy livelihoods - yesterday's action, taken alongside our allies in Australia and the United States and in collaboration with the UK's National Crime Agency, proves otherwise.

Cyber criminals hiding behind Media Land's services are responsible for ransomware attacks against the UK's critical national infrastructure including those in the telecommunications sector, as well as malware and phishing campaigns targeting UK taxpayers.

Defending Europe from malicious Russian cyber and hybrid activity is a shared priority for the UK and Germany, with Foreign Secretary Yvette Cooper set to meet her German counterpart Johann Wadephul.

Foreign Secretary, Yvette Cooper, yesterday said:

Cyber criminals think that they can act in the shadows, targeting hard working British people and ruining livelihoods with impunity.

But they are mistaken - together with our allies, we are exposing their dark networks and going after those responsible.

The measures will also directly target Media Land's ringleader Alexander Volosovik, AKA Yalishanda, who has been active in the cyber underground since at least 2010, and is known to have worked with some of the most notorious cyber criminal groups, including Evil Corp, LockBit and Black Basta.

Ransomware attacks like those facilitated by Media Land significantly undermine the national security of the UK and our allies and directly harm British businesses. Cyber-attacks are estimated to have cost British businesses £14.7bn in 2024, accounting for 0.5% of GDP and growing every year.

The harm caused by ‘bulletproof' hosting services like Media Land extends beyond enabling cyber-attacks against businesses, with their services providing cover for those carrying out a wide range of malicious activity. Aeza Group LLC, also sanctioned yesterday, has provided ‘bulletproof' services to support the work of the Social Design Agency - a Russian disinformation agency sanctioned by the UK in 2024 for its attempts to destabilise Ukraine and undermine democracies around the world. This action demonstrates our continued commitment to crack down on organisations that enable the Kremlin's information war.

Alongside our allies, the UK is rooting out these criminal cyber gangs and going after their ringleaders - promoting growth by safeguarding British businesses, fundamental to this government's Plan for Change.

Putin has turned Russia into a safe haven for these malicious cyber criminals, cultivating a dark criminal ecosystem with deep ties to the Kremlin. Through yesterday’s action and repeatedly targeting malicious actors like LockBit and Evil Corp, the UK is disrupting these underground networks. If Russia isn’t going to clean up its act and go after these criminals, then the UK and our allies will.

28 October 2025

UK sanctions Putin's interference actors
EnglishРусский язык
The UK has sanctioned 3 Russian agencies and 3 senior figures who are attempting to undermine and destabilise Ukraine and its democracy.

UK sanctions Russian disinformation agencies seeking to undermine Ukraine
Kremlin tasked Social Design Agency (SDA) is exposed for trying to incite anti-Ukraine protests across Europe
new sanctions also hit 3 leaders directing the firm’s operations
Three Russian agencies and 3 senior figures who are attempting to undermine and destabilise Ukraine and its democracy have been sanctioned today by the UK.

The Social Design Agency (SDA) is tasked and funded directly by the Russian State, and along with its partner company Structura, has attempted to deliver a series of interference operations designed to undermine democracy and weaken international support for Ukraine.

This year, the SDA also attempted to incite protests in half a dozen European countries. However, despite Russian pouring money into these malign organisations’ interference activities, their lies have consistently struggled online, with bots and fake sites getting limited interaction. This has forced the SDA to consider buying social media views.

The Foreign Secretary, David Lammy, said:

Putin is so desperate to undermine European support for Ukraine he is now resorting to clumsy, ineffective efforts to try and stoke unrest.

Today’s sanctions send a clear message: we will not tolerate your lies and interference, and we are coming after you.

Putin’s desperate attempts to divide us will fail. We will constrain the Kremlin, and stand with Ukraine for as long as it takes.

These firms and their leadership are responsible for a vast malign online network, also commonly known as Doppelganger, which plagues social media with fake posts, counterfeit documents and deepfake material. These deceitful tactics are designed to mask the truth around Russia’s illegal invasion of Ukraine and distract from the true nature of the war. Their murky actions are part of a co-ordinated attempt to use deceptive information operations to undermine democracy in pursuit of their aims.

These new sanctions demonstrate that no matter how desperate the Russian interference activity has become, the UK is committed to taking action against Russian information manipulation. We will continue to bear down on anyone conducting such activities on behalf of SDA.

The US, Canada, France, European External Action Service (EEAS), Germany and Australia join us in calling out the SDA’s underhand activity globally.


View the full UK Sanctions List at https://www.gov.uk/government/publications/the-uk-sanctions-list

The full list of those sanctioned today is:

PR agency Social Design Agency (SDA)
PR agency Structura National Technologies
PR agency ANO DIALOG
Ilya Andreevich GAMBASHIDZE, the founder of SDA
Nikolay Aleksandrovich TUPIKIN, the CEO of SDA and owner of Structura
Andrey Naumovich PERLA, SDA Project Director

These firms are responsible for a vast malign online network, commonly known as Doppelganger. Content including fake posts, counterfeit documents and deepfake material has been pushed out to audiences in English, German and French through a complex online network.

The SDA has crafted a web of at least 120 sites spoofing existing news and government websites, towards which it deceptively redirects unsuspecting social media users. Tactics included avoiding common trigger words to circumvent content moderation tools and evade account takedowns. We are working with social media platforms to ensure they are aware of this activity.

Our international partners have also previously exposed Doppelganger’s malign interference networks, including France and the EEAS. As part of the monitoring and analysis for the 2024 European Parliament Elections. The European External Action Service has detected that an Doppelganger / RRN Media operation actively promoted Russian narratives to disrupt and interfere with the electoral process.

This network was previously attributed by META to the SDA and revealed to be running global information operations aimed at weakening support for Ukraine. France has exposed these Russian actors in June 2023 through the publication of a report by its agency, Viginum.

11 February 2025

New UK sanctions target Russian cybercrime network

New UK sanctions target Russian cybercrime network
EnglishРусский язык
A key Russian cybercrime syndicate responsible for aiding merciless ransomware attacks around the world has been targeted by new UK sanctions.

A key Russian cybercrime syndicate responsible for aiding merciless ransomware attacks around the world has been targeted by new UK sanctions.

UK sanctions target Russian cyber entity, ZSERVERS responsible for facilitating crippling ransomware attacks globally
targets also include 6 ZSERVERS members who are part of a prolific cybercrime supply chain, and their UK front company XHOST
action on illicit Russian cybercrime syndicate is latest step to strengthen UK national security
Fresh sanctions are targeting ZSERVERS, a key component of the Russian cybercrime supply chain, and 6 of its members, as well as its UK front company, XHOST Internet Solutions LP. ZSERVERS provide vital infrastructure for cybercriminals as they plan and execute attacks against the UK.

The illicit supply chain protects, supports and conceals the operations of some of the world’s most ruthless ransomware gangs. Ransomware actors rely on these services to launch attacks, extort victims and store stolen data.

In the modern digital-first economy, cyber security is a non-negotiable cornerstone of business success. A secure digital economy is a less attractive target for cybercriminals and a more attractive home for investment, generating jobs and putting more money into hardworking people’s pockets, delivering on this government’s Plan for Change.

Foreign Secretary, David Lammy, said:

Putin has built a corrupt mafia state driven by greed and ruthlessness. It is no surprise that the most unscrupulous extortionists and cyber-criminals run rampant from within his borders.

This government will continue to work with partners to constrain the Kremlin and the impact of Russia’s lawless cyber underworld. We must counter their actions at every opportunity to safeguard the UK’s national security and deliver on our Plan for Change.

Predatory ransomware groups pose a clear and persistent threat to national security, public services and privacy. These attacks threaten critical national infrastructure, disrupt essential services, compromise sensitive data and generated $1 billion from their victims globally in 2023 alone.

Minister of State for Security, Dan Jarvis, said:

Ransomware attacks by Russian affiliated cybercrime gangs are some of the most harmful cyber threats we face today and the government is tackling them head on. Denying cybercriminals the tools of their trade weakens their capacity to do serious harm to the UK.

We have already announced new world-first proposals to deter ransomware attacks and destroy their business model. With these targeted sanctions and the full weight of our law enforcement, we are countering the threats we face to protect our national security, a foundation of our Plan for Change, and our economy.

ZSERVERS explicitly advertise themselves to illicit actors as a Bulletproof Hosting (BPH) Provider. Some BPH are known to host hackers, misinformation, child exploitation material, spam and hate speech. BPH providers like ZSERVERS, protect and enable cybercriminals, offering a range of purchasable tools which mask their locations, identities, and activities. Targeting these providers can disrupt hundreds or thousands of criminals simultaneously.

Today’s action is the latest in a series of coordinated steps alongside US and Australian partners, and comes off the back of recent sanctions against notorious ransomware groups LockBit and Evil Corp.

LockBit affiliates are known to have used ZSERVERS as a launch pad for targeting the UK, enabling ransomware attacks against various targets, including the non-profit sector.

Protecting the nation from threats both physical and digital sits at the foundation of the government’s Plan for Change. That is why we are moving through the entire ransomware pipeline step by step, cracking down on Russian cybercriminals that threaten the UK’s security, integrity, and prosperity.

The full list of those sanctioned today:

ZSERVERS
XHOST Internet Solutions LP
Aleksandr Bolshakov (employee)
Aleksandr Mishin (employee)
Ilya Sidorov (employee)
Dmitriy Bolshakov (employee)
Igor Odintsov (employee)
Vladimir Ananev (employee)