Bulletproof hosting (BPH) services, as their name suggests, are more robust than other web hosting services. More resilient against complaints and takedown requests from law enforcement, they enable and facilitate a vast array of cybercriminal activity, such as phishing sites and malware download servers, to continue undisturbed.
BPH services are perhaps the biggest enabler of cybercrime within the underground, and for the last decade, one threat actor has maintained prominence: yalishanda. This actor operates one of the most popular BPH services in the world. The actor provides a “top-tier” service that is both more mature and expansive than other offerings, perhaps explaining yalishanda’s continued popularity. Here, Intel 471 presents a snapshot of the prolific bulletproof hoster.
For teams seeking to proactively prevent cyber threats, the tracking of BPH services and actors behind them is key. By leveraging exclusive intelligence, organizations can better monitor for and block activity stemming from such infrastructure, while law enforcement agencies can use the intelligence to refine their efforts to permanently disrupt BPH infrastructure. Intel 471 is dedicated to sharing the latest updates on BPH and more to help empower the defenses of enterprises and government agencies.
