Australia has imposed financial sanctions on five Russian individuals and a cybercriminal infrastructure provider for offering services which enabled notorious criminal networks to facilitate unlawful activity online.
The AFP acknowledges the decision by the Australian, US and UK governments today (12 February, 2025) to impose financial sanctions on the cybercrime service provider ‘ZServers’, operating from Barnaul, Russia.
ZServers provided services to the criminal actors responsible for the breach of Medibank Private in October 2022. This resulted in a compromise that affected millions of Medibank’s customers whose personal and sensitive medical information was stolen.
Financial sanctions and travel bans have also been imposed on five Russian individuals – Aleksandr Bolshakov (owner of ZServers), Aleksandr Mishin and Ilya Sidorov (ZServers senior employees), Dimitriy Bolshakov and Igor Odintsov (ZServers employees) – in relation to illicit cyber activity conducted by ZServers.
This is the first time Australia has imposed cyber sanctions against an entity.
ZServers is known as a bulletproof hosting (BPH) provider, which is a technical infrastructure service providing cybercriminals an online space to operate and run illicit content and operations.
BPH providers are resistant, but not immune, to takedown efforts from law enforcement and requests for cooperation, and ignore complaints from victims targeted by criminal activity endorsed by their services.
Global organised cybercrime networks believe BPH providers enable them to operate anonymously without the risk of being shut down or reported to authorities. The LockBit ransomware group, a prolific ransomware criminal syndicate, used ZServers to sell ransomware to other criminals online and extort many Australian individuals and businesses for payment.
The LockBit ransomware group was disrupted in February, 2024, following a Europol-led investigation involving law enforcement agencies from 10 countries, including the AFP.
Under the cyber sanctions framework, it is a criminal offence for Australians or people in Australia to provide assets to ZServers or the five Russian individuals, or to use or deal with their assets, including through cryptocurrency wallets or ransomware payments. The offence is punishable by up to 10 years’ imprisonment and/or significant fines. Any assets owned by ZServers or the five individuals held in Australian institutions must be frozen.
The AFP, in partnership with the Department of Foreign Affairs and Trade (DFAT) and Australian Signals Directorate (ASD), provides significant investigative cyber capabilities to the Australian government in support of cyber sanctions.
The tri-country sanctions follow a series of cyber sanctions in 2024, including Australia’s first cyber sanction against an individual, Aleksandr Ermakov, for his role in the Medibank Private data breach, the sanctioning of Dmitry Yuryevich Khoroshev for his senior position within the LockBit ransomware syndicate, and sanctions against three senior members of ‘Evil Corp’, one of the most prolific and persistent cybercrime groups in the world.
AFP Cyber Command Assistant Commissioner Richard Chin said ZServers helped international cybercriminals carry out attacks against Australians, crippling Australian businesses and extorting victims through threats and control of their sensitive and private data.
“Bulletproof hosting providers offer cybercriminals protection by refusing to take down websites containing dangerous, illegal content despite being flagged by law enforcement agencies, governments and even victims,” Assistant Commissioner Chin said.
“The AFP is working closely with the Australian Government and domestic and international law enforcement agencies to disrupt criminal networks running bulletproof hosting providers and the global organised cybercriminals who use them.
“Calling these hosting providers ‘bulletproof’ is a false marketing gimmick. Cybercriminals think they are safeguarded by these service providers, however, one massive swing from authorities can crack open and disrupt the infrastructure.
“Cybercrime service providers allow criminals to distribute and share the most vile content online, including child sexual abuse material, extremist content and ransomware used to conduct malicious cyber-attacks.
“By targeting these cybercrime service providers and collaborating with domestic and international law enforcement partners, the AFP disrupts thousands of cybercriminals across the globe to help secure Australia’s interests and protect Australians from harm.”