Advertisement
Cyber Crime

U.S. Targets VPN Infrastructure Enabling Global Ransomware Campaigns

Federal authorities have sanctioned a specialized VPN provider and a malware cryptor vendor to disrupt ransomware supply chains.

··3 hours ago·2 min read
img IX mining rig inside white and gray room
Photo by imgix on Unsplash
Advertisement

The digital shadows protecting cybercriminal syndicates have begun to fray as international authorities shift their focus toward the infrastructure providers themselves. By hitting the services that facilitate anonymity for attackers, governments are attempting to raise the operational costs for those targeting critical infrastructure.

Disrupting the Ransomware Supply Chain

The U.S. Treasury Department's Office of Foreign Assets Control has officially designated First VPN Service—a provider known as 1VPNS—along with its administrator, 45-year-old Dmytro Rashevskyi. This action marks a notable shift in enforcement, moving from targeting individual hackers to dismantling the technical foundations that make large-scale ransomware campaigns feasible.

Alongside the VPN crackdown, the Treasury sanctioned Yegeniy Vladimirovich Silayev, a Belarusian national accused of peddling cryptors. These tools are engineered to disguise malware as legitimate software, allowing malicious payloads to bypass security detection mechanisms. The VPN itself, which was dismantled in May 2026, reportedly served as a critical hub for ransomware groups to manage exfiltrated data and hide the origins of their attacks on U.S. financial and medical institutions.

Attribution and Global Sanctions

The U.K. and E.U. have simultaneously intensified pressure on Russian-linked cyber networks. Recent intelligence indicates that the FSB's Centre 16—which has been linked to disruptive sabotage operations against Poland—is leveraging compromised networking hardware on a global scale. European officials issued a strong statement regarding this ecosystem:

We strongly condemn Russia's behaviour and misuse of this cyber ecosystem, targeting public services and critical infrastructure, causing disruptions and financial losses. By calling out Russia's malicious behaviour and imposing costs on those responsible for such activities, the EU underscores its determination to uphold accountability in cyberspace.

— High Representative on behalf of the European Union, in a statement regarding the Russian cyber ecosystem.

Vulnerability Exploitation Trends

Against this backdrop of state-sponsored activity, the FBI has released a new advisory highlighting the abuse of network devices. Attackers are specifically scanning for exposed SNMP agents to siphon configuration files from routers. This campaign relies heavily on aging vulnerabilities to gain an initial foothold, prompting urgent action from security agencies.

  • The VPN provider 1VPNS had been active since 2014.
  • The administrator, Dmytro Rashevskyi, used aliases including 'Maksim Sorin' and 'Roman Chabanenko' to secure infrastructure.
  • CISA has added CVE-2008-4128 to its KEV catalog, with a remediation deadline of July 16, 2026.
  • Attackers are actively abusing vulnerabilities including CVE-2018-0171 and CVE-2008-4128.

Consequences for Enterprise Security

For organizations, these developments underscore the danger of relying on default security configurations for edge devices. As state-aligned groups weaponize these gaps, the barrier to entry for high-impact sabotage is effectively lowered. Businesses must prioritize patching legacy vulnerabilities and tightening SNMP access, as these are no longer theoretical risks but active targets in the ongoing battle for control of critical network infrastructure.

#ransomware#vpn#cyber espionage#critical infrastructure#malware

Iliyas Mansuree

Founder & Editor, Xploitwire

16 years of experience in data privacy, cloud security, and information protection. More by this author →

← Back to all stories
Advertisement