Tag Archives: Belarus

USA Sanctioning Ransomware Enablers in Coordinated International Action

The United States recently sanctioned one entity and two individuals — First VPN Service (1VPNS), its administrator Dmytro Rashevskyi, and Yegeniy Vladimirovich Silayev — for providing critical support to ransomware groups that have targeted North American hospitals, schools, businesses, and local governments.

These actors supplied ransomware groups with tools to hide their identities, disguise malicious software, and evade detection — enabling attacks that have caused billions of dollars in losses to U.S. critical infrastructure providers.

This action reflects the United States’ commitment to working with allies and partners to disrupt the global cybercrime ecosystem. Today’s designations are coordinated with the United Kingdom’s Foreign, Commonwealth & Development Office, and follow a May 2026 European law enforcement takedown of 1VPNS’s infrastructure, supported by the FBI.

By targeting not just ransomware operators but the service providers and tool suppliers who make their attacks possible, the United States and its partners are dismantling the broader networks that sustain cybercriminal activity worldwide.

The United States will continue to use every diplomatic and economic tool available to disrupt foreign cybercriminals and their enablers and hold them accountable. Ransomware is not only a law enforcement challenge — it is a foreign policy threat that undermines the security and economic stability of the United States and its allies.

This action is being taken pursuant to the authorities under Executive Order (E.O.) 13694, as further amended by E.O. 13694, as amended by E.O. 13757, E.O. 14144, and E.O. 14306 (E.O. 13694, as amended).

Click here to report cyber-enabled crime to the FBI.

1VPNS: VPN SERVICE ENABLING RANSOMWARE OPERATIONS

1VPNS is a VPN provider whose principal clients include ransomware actors and other cybercriminals.  VPNs, which allow users to encrypt their internet traffic and hide their computers’ true location, have legitimate uses for privacy and security, but can support malicious activity if misused.  Numerous ransomware groups have purchased infrastructure from 1VPNS, which they have leveraged in attacks on U.S. companies and institutions—including to hide the origins of their attacks, deploy malware, and manage exfiltrated data. Victims of ransomware attacks that involved the use of 1VPNS infrastructure have included U.S. businesses, financial services companies, hospitals, and municipal governments.

1VPNS and its administrator, Rashevskyi, have provided this technological support to illicit actors. Since 2014, 1VPNS has advertised its services on multiple online cybercriminal forums, stating that it does not keep logs of users’ identities or activities, and that it refuses to cooperate with law enforcement investigations into illegal activity originating from the servers it rents to customers.  Rashevskyi has used false identities, including “Maksim Sorin” and “Roman Chabanenko,” to buy infrastructure from companies that might otherwise refuse to do business with him because of complaints of abuse from internet service providers about illegal activity originating from 1VPNS servers.

OFAC is designating 1VPNS and Rashevskyi pursuant to E.O. 13694, as amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, cyber-enabled activities originating from, or directed by persons located, in whole or substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve engaging in a ransomware attack, such as extortion through malicious use of code, encryption, or other activity to affect the confidentiality, integrity, or availability of data or a computer or network of computers, against a United States person, the United States, a United States ally or partner, or a citizen, national, or entity organized under the laws thereof.

OTHER ENABLERS OF THE CYBERCRIME ECOSYSTEM

In addition to 1VPNS and Rashevskyi, OFAC is designating Silayev, a Belarusian national and a cryptor provider who has supplied encryption and obfuscation services to ransomware operators targeting U.S. and allied entities.  Unlike legitimate encryption tools, which are designed to protect data and the privacy of the people that own it, cryptors are built specifically to make malware stealthier and more effective by disguising it as harmless files. 

OFAC is designating Silayev pursuant to E.O. 13694, as amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, cyber-enabled activities originating from, or directed by persons located, in whole or substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve engaging in a ransomware attack, such as extortion through malicious use of code, encryption, or other activity to affect the confidentiality, integrity, or availability of data or a computer or network of computers, against a United States person, the United States, a United States ally or partner, or a citizen, national, or entity organized under the laws thereof.

SANCTIONS IMPLICATIONS

As a result of this action, all property and interests in property of the designated or blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.  In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.  Unless authorized by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked persons. 

Violations of U.S. sanctions may result in the imposition of civil or criminal penalties on U.S. and foreign persons.  OFAC may impose civil penalties for sanctions violations on a strict liability basis.  OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. economic sanctions.  In addition, financial institutions and other persons may risk exposure to sanctions for engaging in certain transactions or activities involving designated or otherwise blocked persons.  The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated or blocked person, or the receipt of any contribution or provision of funds, goods, or services from any such person.  Non-U.S. persons are also prohibited from causing or conspiring to cause U.S. persons to wittingly or unwittingly violate U.S. sanctions, as well as engaging in conduct that evades U.S. sanctions.  Individuals located in the United States or abroad who provide information about sanctions violations to Treasury’s Financial Crimes Enforcement Network’s whistleblower incentive program may be eligible for awards if the information they provide leads to a successful enforcement action that results in monetary penalties exceeding $1,000,000 usd.

The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law.  The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior.

USA: Disrupting Iran’s Weapons Procurement

Fact Sheet via Office of the Spokesperson

The Department of State is taking action to designate four Iran- and Belarus-based entities and individuals involved in the procurement of arms and related materiel intended to support Iran’s military.

The United States, as directed in the President’s National Security Presidential Memorandum 2, is committed to disrupting procurement efforts supporting Iran’s military programs.  This action represents the commitment to stop Iran from engaging in activities related to the reconstitution of its proliferation-sensitive programs.

All Department of State targets are being designated pursuant to Executive Order (E.O.) 13949, which targets certain persons with respect to the conventional arms activities of Iran.

The Department of the Treasury is concurrently designating nine entities and individuals who have worked to procure weapons on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC).  For more information on these actions, please see the Department of the Treasury’s press release.

The Department is designating the following entity and individual pursuant to Section 1(a)(i) of E.O. 13949 for engaging in activity that materially contributes to the supply, sale, or transfer, directly or indirectly, to or from Iran, or for the use in or benefit of Iran, of arms or related materiel, including spare parts. 

Armory Alliance

Armory Alliance is a Belarus-based entity that has acted as an intermediary between China-based companies and Iran and has been involved in facilitating the purchase of hundreds of man-portable air-defense systems (MANPADS) and their shipment from China to Iran including attempting to route the shipments through third party countries and obfuscating their origin and true end-user.  The Department of the Treasury previously designated Armory Alliance pursuant to E.O. 13382 on May 8, 2026.

Mohammadmahdi Maleki

Mohammadmahdi Maleki is a Belarus-based Iranian individual who as an employee of ARMORY ALLIANCE has contributed to Armory Alliance’s efforts to procure weapons for benefit of Iran. The Department of the Treasury previously designated Mohammadmahdi Maleki pursuant to E.O. 13382 on May 8, 2026.

The Department is designating the following entity and individuals pursuant to Section 1(a)(ii) of E.O. 13949 for having provided to Iran any technical training, financial resources or services, advice, other services, or assistance related to the supply, sale, transfer, manufacture, maintenance, or use of arms and related materiel described in subsection (a)(i) of section 1 of E.O. 13949.

Center for Innovation and Technology Cooperation

Center for Innovation and Technology Cooperation (CITC) is an Iran-based government entity involved in the procurement of satellite imagery to support kinetic strikes by Iranian armed forces. CITC coordinated with the Iranian Ministry of Intelligence and Security (MOIS) about striking locations within and around a facility hosting U.S. armed forces in late March 2026.  The facility was subsequently targeted by an Iranian attack in late March 2026, resulting in the injury of U.S. service members.  Additionally, officials of CITC have approached China-based facilitators to attempt to procure weapons for use by Iran’s military.  Center for Progress and Development of Iran (CDPI) is the latest name of Iran’s CITC.  CITC was previously designated by the United States on July 12, 2012, pursuant to E.O. 13382.  MOIS was previously designated by the United States on February 6, 2012, pursuant to E.O. 13224 and E.O. 13553.  MOIS was also designated by the United States on April 22, 2012, pursuant to E.O. 1306; September 9, 2022, pursuant to E.O. 13694; and September 8, 2023, pursuant to E.O. 14078.

The Department is designating the following entities pursuant to Section 1(a)(iii) of E.O. 13949 for having engaged, or attempted to engage, in any activity that materially contributes to, or poses a risk of materially contributing to, the proliferation of arms or related materiel or items intended for military end-uses or military end-users, including any efforts to manufacture, acquire, possess, develop, transport, transfer, or use such items, by the Government of Iran (including persons owned or controlled by, or acting for or on behalf of the Government of Iran) or paramilitary organizations financially or militarily supported by the Government of Iran.

Sajjad Ahadzadeh

Sajjad Ahadzadeh (Ahadzadeh) is the head of CITC. Ahadzadeh has approached China-based facilitators, such as U.S.-designated China-based Yushita Shanghai International Trade Co Ltd (Yushita), to procure man-portable air-defense systems (MANPADS).  Ahadzadeh has attempted to facilitate the procurement of weapons and other arms and related materiel from China for use by Iran including through U.S.-designated Yushita.  Yushita was designated by the Department of the Treasury on May 8, 2026, pursuant to E.O. 13382.

For Many European Countries, National Flower Is Second Only To Flag In Importance

Many non-native plants can happily survive in other regions of the world, which has given gardeners more choice than ever before. However, native flowers and plants can summarize the landscape of a nation, while communicating the identity of a country.

For many countries the national flower is second only to the national flag as the most important national symbol, while communicating the identity of a country.

European National Flowers Infographic

Did you work on this visual? Claim credit here.