Three Russian nationals and a pair of bulletproof hosting providers directly supported a series of attacks on critical infrastructure in 21 states and several countries, according to a 2024 indictment unsealed in federal court Tuesday. Officials, who have been investigating the trio and their companies since 2019, said the attacks resulted in losses surpassing $62 million.Alexander Alexandrovich Volosovik, the 43-year-old owner of Media Land; Yulia Vladimirovna Pankova, the 29-year-old owner of ML.Cloud; and 34-year-old Kirill Andreevich Zatolokin were charged with conspiracy to commit and aid computer fraud, conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering.The State Department also offered a reward up to $10 million for information on government-linked associates of the alleged cybercriminals and malicious use of Media Land or ML.Cloud. The Treasury Department and officials from the United Kingdom and Australia imposed sanctions on Volosovik, Zatolokin, Pankova, Media Land and ML.Cloud in November 2025. The three accused Russians, Media Land and ML.Cloud were all based in St. Petersburg as of 2024.“With today’s actions, the FBI and our partners are striking at the core services that cybercriminals rely on to attack U.S. critical infrastructure,” Brett Leatherman, assistant director of the FBI Cyber Division, said in a statement. “This is another step in our broader campaign to shrink the space in which these actors can operate, forcing them to work harder, take greater risks, and lose the anonymity they depend on.”Media Land and ML.Cloud allegedly provided cybercriminals with infrastructure and technical support to infect systems with malware and ransomware for extortion. Officials said the organizations also supported criminal marketplaces, fraudulent domain registrations and platforms that cybercriminals used to commit phishing and brute-force attacks.Officials said they identified a consistent and long-running pattern of criminal activities facilitated by Volosovik, Pankova, Zatolokin, Media Land and ML.Cloud.Investigators located victims across 21 states, including nine cities in the Northern District of Ohio, where the indictment was filed. Additional victims were located in Australia, the European Union, the United Arab Emirates, Canada and the United Kingdom.Bulletproof hosting providers are increasingly used by cybercriminals to obfuscate their activities, deliver malware, phishing, and host content and services that support ransomware, data extortion and denial-of-service attacks.“From their overseas safe haven, these defendants ran the criminal infrastructure that powered attacks on critical institutions across our nation,” A. Tysen Duva, assistant attorney general of the Justice Department’s Criminal Division, said in a statement. “Their actions put the American public at risk. We will continue to dismantle these networks and protect our critical infrastructure from cybercriminals at home and abroad.”The post Russian trio indicted for allegedly running bulletproof hosting providers that spurred cybercrime appeared first on CyberScoop.