AFP logo at EBB Canberra

News Centre

Our latest media releases, podcasts and stories
Get a police check Report a crime Apply for a job
Media Release

AFP supports government sanctions on two dark web services and their operators who are responsible for significant cyber incidents against Australia

This is a joint media release between Australian Federal Police, Department of Foreign Affairs and Trade, and Australian Signals Directorate.

Editor’s note: Images of the sanctioned Russian men and their company webpage is available via Hightail. 

The Australian Government and allies in the United Kingdom and the United States have today (20 November, 2025) jointly sanctioned two Russian men and two companies after international investigations into cybercriminal networks responsible for cyber attacks against Australian and international businesses.

The Australian Government has sanctioned two Russian men, Aleksandr Alexandrovich Volosovik (aka Yalishanda) and Kirill Andreevich Zatolokin, who operate two companies that provided services to cyber criminals on the dark web over a ten-year period. 

The sanctioned companies - Media Land LLC and ML.Cloud LLC - provide a service known as ‘bulletproof hosting’, in which cyber criminals pay to use the companies’ digital infrastructure to commit sophisticated cybercrimes such as ransomware attacks, malware infections, and scams. 

These companies aid criminal activity by deliberately avoiding or ignoring requests from international law enforcement and governments to take down websites conducting illegal activity on their platforms.

Criminal campaigns that targeted Australia, the United States, the European Union, and the United Kingdom using Media Land LLC and ML.Cloud LLC infrastructure included: 

Cyber attacks, such as denial-of-service, or distributed-denial-of-service attacks, against critical infrastructure, resulting in the disruption and degradation of services;

Malware campaigns targeting Australians and Australian financial institutions; 

Ransomware attacks by syndicates including Lockbit, Blacksuit, and Clop against Australian and international businesses, resulting in the exfiltration of data, encryption of systems, and extortion of victims.

Today’s sanctions imposed by the Minister for Foreign Affairs on Volosovik, Zatolokin, Media Land LLC and ML.Cloud LLC include financial penalties and travel bans to disrupt criminal activity, expose cybercriminals’ identities, and impose costs and consequences on cybercriminals. 

This is the fifth use of Australia's cyber sanctions framework against malicious cyber actors and the second time against entities. 

These sanctions are supported by the intelligence and investigative capabilities of the Australian Signals Directorate and the AFP under joint standing Operation Aquila and are part of ongoing coordinated international law enforcement action.

Under the cyber sanctions framework, it is a criminal offence for Australians or people in Australia to provide assets to the sanctioned individuals or to deal with Media Land LLC or ML.Cloud LLC. 

It is also an offence to use or deal with their assets, including through cryptocurrency wallets or ransomware payments. Any assets owned by the two cybercriminal services or the two men must be frozen. 

The maximum penalty for anyone breaching sanctions is 10 years’ imprisonment and/or significant fines. 

AFP Cyber Command Assistant Commissioner Richard Chin said the darknet services and the two Russian men helped international cybercriminals attack Australians and stole from innocent victims. 

“They provided cybercriminals with a perceived layer of protection, by refusing to take down websites with illegal content that had been flagged by international law enforcement agencies and governments,” Assistant Commissioner Chin said. 

“The name suggests they are ‘bulletproof’, but our message to cybercriminals is clear – just because you operate on the dark web, it does not mean you are beyond law enforcement and our partners. We can see your criminal activity and we will find you.”

Australia’s Ambassador for Cyber Affairs and Critical Technology, Ms Jess Hunter, said 

“The Australian Government was determined to hold malicious cyber actors to account. 

“Cyber sanctions work to deter cybercrime and help protect Australians by exposing the activities and identity of malicious cybercriminals operating across jurisdictions, placing them at further risk of detection wherever they may hide.”

For more information on bulletproof hosting providers, read the ASD and AFP joint publication, "Bulletproof" hosting providers: Cracks in the armour of cybercriminal infrastructure.

Watch our cybercrime prevention videos and protect yourself from cybercriminals.

What to do if you’re a victim of a scam

  • Stop all communication with the scammer.
  • Contact your financial institution if you have transferred money or suspect unusual account activity.
  • Report it to police using Report Cyber.
  • Report suspected scams to ScamWatch to help others avoid similar scams.
  • If you were contacted via social media, report it to the social media platform.
  • Use strong, unique passphrases on your accounts and enable multi-factor authentication wherever possible.
  • If you are concerned your identity has been compromised, contact the national identity and cyber support services, IDCARE.

If you or someone you know needs help, we encourage you to contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636. They provide 24/7 support services.

If you are a victim of cybercrime, report it to police via ReportCyber. If there is an immediate threat to life or risk of harm, call 000.
 

Connect with us

Follow our social media channels to learn more about what the AFP does to keep Australia safe

Facebook
Twitter
LinkedIn
Instagram
YouTube
Content type