Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Dutch authorities have arrested two men linked to Internet hosting companies accused of facilitating Russian cyberattacks and disinformation campaigns targeting the European Union. The suspects, a 57-year-old from Amsterdam and a 39-year-old Russian native residing in the Netherlands, were detained by the Dutch financial crime agency FIOD. Investigators seized over 800 servers, laptops, and phones during raids at multiple business locations and data centers. The arrests come amid an ongoing investigation into the hosting infrastructure used by Russia-backed hacking groups for cyber operations across Europe. The two men operated companies connected to Stark Industries Solutions, an Internet service provider sanctioned by the EU for its role in enabling cyberattacks attributed to Russian intelligence agencies. Stark Industries emerged shortly before Russia’s invasion of Ukraine and quickly became a hub for distributed denial-of-service (DDoS) attacks and proxy services used in hybrid warfare tactics. Earlier sanctions targeted Moldovan brothers Ivan and Yuri Neculiti and their company PQHosting, which provided one of Stark’s main Internet conduits. However, the Dutch-based MIRhosting and WorkTitans BV, controlled by the arrested men, maintained the remaining critical connectivity for Stark’s network. The investigation revealed that after PQHosting’s sanctions, Stark’s network assets were transferred to WorkTitans BV, which relied exclusively on MIRhosting for Internet access. The arrested individuals, identified as Youssef Zinad and a man named Nesterenko, played key roles in managing these entities. The extensive seizure of servers and equipment aims to disrupt the infrastructure supporting Russia’s cyber operations within the EU. This case highlights the challenges of enforcing sanctions and combating state-sponsored cyber threats that exploit complex international hosting arrangements. The arrests underscore the growing efforts by European authorities to clamp down on cybercrime networks facilitating hostile foreign influence and attacks. By targeting the technical backbone enabling these operations, the Netherlands is attempting to curtail Russia’s ability to conduct hybrid warfare through cyberspace. The case also illustrates the evolving tactics used by sanctioned entities to circumvent restrictions and maintain their cyber capabilities, emphasizing the need for continued vigilance and coordinated international responses.