Dutch Authorities Arrest Bulletproof Hosting Admins Linked to Russia

Dutch Authorities Arrest Bulletproof Hosting Admins Linked to Russia

Posted on By CWS

In a significant move against international cybercrime, Dutch authorities recently detained the administrators of two companies accused of providing bulletproof hosting services to Russian cybercriminals. These arrests follow allegations of sanctions evasion imposed by the European Union.

Details of the Arrest

The Dutch Fiscal Information and Investigation Service (FIOD) reported the arrests of a 57-year-old and a 39-year-old on May 18. The suspects, originating from Amsterdam and The Hague respectively, are believed to have facilitated hosting services for illicit activities.

Investigations led to searches across several locations, including Enschede, Almere, and data centers in Dronten and Schiphol-Rijk. Authorities seized numerous electronic devices, such as laptops and phones, alongside over 800 servers.

Connections to Sanctioned Entities

The 57-year-old suspect is alleged to have managed a company acting as a facade for a sanctioned web hosting provider. This entity, established shortly before Russia’s invasion of Ukraine, was implicated in distributing misinformation and cyberattacks against the EU.

After the imposition of sanctions in May 2025, the technical infrastructure was reportedly shifted to the Dutch company owned by the suspect. Meanwhile, the 39-year-old suspect allegedly maintained server operations for this front company.

Investigative Revelations

An in-depth investigation by de Volkskrant revealed the involvement of suspects Youssef Z. and Andrey N. in aiding Stark Industries, a hosting provider operated by Moldovan nationals. The EU had previously blacklisted Stark Industries due to its support for destabilizing activities in Europe.

According to the investigation, Andrey N. owns Mirhosting, which supplied physical servers to Stark Industries. These resources were used by Russian hackers, including the group NoName057(16), to launch cyberattacks. In response to EU sanctions, Stark Industries restructured operations, moving some activities to Youssef Z.’s firm, WorkTitans, based in Enschede.

This company rented and resold server space, complicating the identification of real clients and detection of misuse.

Related: Canadian Man Arrested for Operating Kimwolf Botnet

Related: ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

Related: 201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

Related: Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested

Security Week News Tags:, , , , , , , , ,

Related Posts

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks Security Week News
Bluesky Faces Major Disruption Amid DDoS Attack Bluesky Faces Major Disruption Amid DDoS Attack Security Week News
Google Researchers Find New Chrome Zero-Day Google Researchers Find New Chrome Zero-Day Security Week News
Archetyp Dark Web Market Shut Down by Law Enforcement Archetyp Dark Web Market Shut Down by Law Enforcement Security Week News
MIND Raises Million for Data Loss Prevention MIND Raises $30 Million for Data Loss Prevention Security Week News
Grafana Suffers Data Breach, Codebase Stolen Grafana Suffers Data Breach, Codebase Stolen Security Week News