
AUKUS Blasts Holes In LockBit's Bulletproof Hosting Provider (theregister.com) 11
The US, UK, and Australia (AUKUS) have sanctioned Russian bulletproof hosting provider Zservers, accusing it of supporting LockBit ransomware operations by providing secure infrastructure for cybercriminals. The sanctions target Zservers, its UK front company XHOST Internet Solutions, and six individuals linked to its operations. The Register reports: Headquartered in Barnaul, Russia, Zservers provided BPH services to a number of LockBit affiliates, the three nations said today. On numerous occasions, affiliates purchased servers from the company to support ransomware attacks. The trio said the link between Zservers and LockBit was established as early as 2022, when Canadian law enforcement searched a known LockBit affiliate and found evidence they had purchased infrastructure tooling almost certainly used to host chatrooms with ransomware victims.
"Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on US and international critical infrastructure," said Bradley T Smith, acting under secretary of the Treasury for terrorism and financial intelligence. "Today's trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security." The UK's Foreign, Commonwealth & Development Office (FCDO) said additionally that the UK front company for Zservers, XHOST Internet Solutions, was also included in its sanctions list. According to Companies House, the UK arm was incorporated on January 31, 2022, although the original service was established in 2011 and operated in both Russia and the Netherlands. Anyone found to have business dealings with either entity can face criminal and civil charges under the Sanctions and Anti-Money Laundering Act 2018.
The UK led the way with sanctions, placing six individuals and the two entities on its list, while the US only placed two of the individuals -- both alleged Zservers admins -- on its equivalent. Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, both 30 years old, were named by the US as the operation's heads. Mishin was said to have marketed Zservers to LockBit and other ransomware groups, managing the associated cryptocurrency transactions. Both he and Bolshakov responded to a complaint from a Lebanese company in 2023 and shut down an IP address used in a LockBit attack. The US said, however, it was possible that the pair set up a replacement IP address that LockBit could carry on using, while telling the Lebanese company that they complied with its request. The UK further sanctioned Ilya Vladimirovich Sidorov, Dmitry Konstantinovich Bolshakov (no mention of whether he is any relation to Aleksandr), Igor Vladimirovich Odintsov, and Vladimir Vladimirovich Ananev. Other than that they were Zservers employees and thus were directly or indirectly involved in attempting to inflict economic loss to the country, not much was said about either of their roles.
So "to sanction" is "blasting holes"? (Score:3)
Re: (Score:3)
The Register uses bombastic words that rarely make sense and Slashdot rarely does more than copypasta.
I thought Russian businesses were already sanctioned for the UA grift so I have no idea what's going on.
Re: (Score:2)
Please explain how these phrases fit together. My understanding is, those knowingly hosting ransomware servers were probably not planning on traveling to their victims' home countries anyway, even before "being sanctioned", and probably also did not plan on doing legal business with those countries. Does "blasting holes" mean someone is planning to send a military operations team into Russia and blast holes into these people? Or will this be as effective as "sanctions" imposed on narcotics manufacturers elsewhere in the world?
Sanctions are legal actions against specific entities that limit their ability to operate in western countries, i.e. the various front companies used by Zservers will be investigated and shut down, bank accounts frozen, warrants placed on certain individuals that will limit their movement and, most importantly, punishments for any western company, person or entity doing business with a sanctioned organisation.
Now in the US, corruption, even at the highest level goes unpunished, in many cases it's even enc
Since day-one of the Web, I've wondered one thing. (Score:1)
Translated from cyberspook (Score:2)
Apart from Xitter, Zservers is the only hosting provider we haven't already back-doored.
Fuck Russia, but Fuck Backdoors more. (Score:2)
This story is really the US and UK saying they're pissed off that there exists a hosting provider in the world that they don't have direct backdoor access to or ultimately are able to get it at the drop of a whim. Amazing how much the countries that cry about how free they are are always trying to find new ways to curtail freedom. "But, but, criminals, think of the children, terrorists." Fuck off, limp-dicks. While there may have been a kernel of truth in that bullshit when it started, it's now a well-known
UK leading the way for shell companies (Score:2)
I see the UK is leading the way for shell companies for this sort of thing. "Londongrad" indeed :-(
There's a chap called Dan Needle who's been investigating a whole slew of hundreds of fake companies registered on Companies House. These fake companies submit fake accounts, so they look like they have billions (yeah, they don't fake it small). They can't use the name 'bank' in their name, but they CAN use the banking "activity" field in the filing, so they look like a bank.
These fake companies are all breaki
Nuclear Subs (Score:2)
The whole AUKUS thing was about getting the aussies nuclear subs.
So, what? Were they planning to use ruskie cloud servers for their documentation?
Bizarre.