Australia Implements Restrictions on Russian Cybercriminals
ZServers, linked to the 2022 Medibank hack, is facing sanctions from Australia, the US, and UK for its involvement in cybercriminal activities.
Australia has imposed financial sanctions on five Russian individuals and a cybercriminal infrastructure provider for facilitating illegal activities online.
The Australian Federal Police (AFP) acknowledged the joint decision by Australia, the United States, and the UK to sanction “ZServers,” a cybercrime service provider based in Barnaul, Russia.
ZServers played a role in the Medibank Private data breach in October 2022, compromising personal and medical information of millions of customers.
This marks Australia’s first cyber sanction against an entity.
The five individuals who were sanctioned—Aleksandr Bolshakov (ZServers’ owner), Aleksandr Mishin and Ilya Sidorov (senior employees), and Dimitriy Bolshakov and Igor Odintsov (employees)—have been implicated in illicit cyber activities associated with ZServers.
Global Cybercrime Networks Disrupted
ZServers operated as a bulletproof hosting (BPH) provider, offering cybercriminals resilient online infrastructure resistant to takedown efforts. These services enable criminals to operate anonymously while ignoring complaints from victims.
The LockBit ransomware group utilized ZServers to distribute ransomware and extort Australian businesses and individuals.
LockBit was disrupted in February 2024 through a Europol-led operation involving law enforcement from 10 countries, including the AFP.
Under Australia’s cyber sanctions framework, providing assets to ZServers or the sanctioned individuals, including through cryptocurrency or ransomware payments, is now a criminal offense punishable by up to 10 years in prison and heavy fines. Australian institutions must freeze any assets connected to them.
Law Enforcement Expands Cybercrime Crackdown
The AFP said that, in collaboration with the Department of Foreign Affairs and Trade (DFAT) and the Australian Signals Directorate (ASD), it targeted individuals linked to major cybercriminal groups, including Aleksandr Ermakov (Medibank breach), Dmitry Yuryevich Khoroshev (LockBit syndicate), and senior members of “Evil Corp.”
AFP Cyber Command Assistant Commissioner Richard Chin outlined the role of BPH providers in facilitating cybercrime.
“Bulletproof hosting providers protect criminals by refusing to take down sites hosting illegal content despite warnings from law enforcement,” he said.
Parliament Urged to Strengthen Scam Laws
According to December 2024 data, the AFP-led Operation Dolos has prevented $83 million in cyber fraud losses since 2020, with over 100 investigations ongoing.
Under Operation Aquila, the AFP and ASD have targeted international ransomware groups.
The AFP’s Joint Policing Cybercrime Coordination Centre (JPC3) also played a key role in Operation Nebulae, dismantling the phishing-as-a-service platform LabHost and leading to five Australian arrests.
In another major initiative, Operation Firestorm is pursuing organized crime syndicates behind scam centers in Southeast Asia and Eastern Europe. This operation, supported by AFP cybercrime liaison officers worldwide, follows the October takedown of a Philippine scam center, which resulted in 250 arrests.
The announcement coincides with Assistant Treasurer Stephen Jones’ farewell speech, in which he urged Parliament to pass his anti-scam bill.
“Australians are losing $7 million a day to scams, and we can do better,” Jones said.
The Scams Prevention Framework Bill, introduced in November 2024, aims to hold businesses accountable for scam prevention, increase penalties for non-compliance, and strengthen consumer protections.