Proxy provider Biterika connected to state sanctioned research center linked to attack against investigative media


On June 19, Russian independent media outlets IStories and Verstka published a joint investigation detailing how a sprawling network for selling sex with minors was built in Russia and how some of its high-profile clients — such as Russian oligarch and billionaire Oleg Deripaska — had escaped justice. Within hours of publication, both organizations suffered a coordinated Denial-of-Service (DoS) attack designed to disrupt access to their websites.

During a four-hour span, IStories was hit by a denial-of-service attack consisting of millions of malicious connections from over 3,000 IP addresses. One-third of the traffic originated from a single provider: Biterika Group LLC, a Russian hosting company long associated with anonymization and abuse-prone internet infrastructure.

Link to US-sanctioned state institution

Valentina Ivanovna Aleshina, the main shareholder of Biterika Group LLC, is a software engineer at the Russian state-affiliated Scientific-Manufacturing Complex “Technological Center” (an integral part of MIET). The institution was sanctioned by the U.S. Treasury in 2023 for its military and technological activities.

Aleshina’s network infrastructure, initially registered for private use, was later absorbed into Biterika Group’s operations. Valentina’s son, Alexander Alekseevich Aleshinin, is another central figure in this investigation, as he is directly linked to several domains and services hosted on Biterika infrastructure, including proxy platforms and hosting services used in the attack.

Although Biterika claims to be a hosting and proxy provider, our investigation indicates that their infrastructure is not designed for commercial use, but rather to provide access to proxy infrastructure to selected clients to circumvent blocking and to carry out malicious activities.

Furthermore, Biterika uses Global Network Management (GNM, AS31500) as a secondary upstream provider for connectivity, which happens to be closely related to the Russian-owned Telegram service. Three weeks ago, IStories and OCCRP revealed links between GNM and the Russian intelligence services in the investigation “Telegram, the FSB, and the Man in the Middle”.

Biterika has been associated with malicious activity for at least six years, yet its ownership structure and underlying purpose have remained unclear – until now.

Biterika’s close affiliation with a sanctioned state entity, murky service offerings and selection of an upstream provider (GNM) raise many questions about the actual purpose of this company.

The attack on IStories and Verstka underscores how investigative journalism in Russia faces not only state censorship and legal persecution, but also a growing wave of digital attacks enabled by loosely regulated, abuse-tolerant infrastructure—often linked to Russian authorities—allowing malicious actors to operate openly and with impunity.


Forensic report: Proxy provider connected to state sanctioned research center linked to attack against investigative media

Contacts
Digital forensics: Tord Lundström <t at virtualroad.org> Technical Director
Media: Clara Zid <info at virtualroad.org> Media and Outreach Manager