Zservers accused of selling a ‘bullet proof hosting’ services on known cybercriminal forums
Zservers, a Russia-based services provider has been called out by several governments for its role in supporting LockBit ransomware attacks.
In a statement issued by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), Australia’s Department of Foreign Affairs and Trade, and the United Kingdom’s Foreign Commonwealth and Development Office, it claimed that Zservers sold a ‘bullet proof hosting’ services on known cybercriminal forums to evade law enforcement investigations and takedowns.
“Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on U.S. and international critical infrastructure,” said Acting under secretary of the treasury for terrorism and financial intelligence, Bradley T. Smith.
“Today’s trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security.”
Leasing
Zservers is also accused of leasing numerous IP addresses to LockBit affiliates, who used the hosting services to coordinate and launch ransomware attacks.
During a 2022 search of a known LockBit affiliate, Canadian law enforcement uncovered a laptop operating a virtual machine that was connected to a Zservers’ subleased IP address and running a programming interface used to operate LockBit malware.
Also in 2022, a Russian cybercriminal purchased IP addresses from Zservers, while in 2023, Zservers leased infrastructure, including a Russian IP address, to a Lockbit affiliate.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
