Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

The Netherlands’ crackdown on MIRhosting and its affiliate WorkTitans underscores a growing recognition that cyber warfare often begins in the shadows of ordinary hosting infrastructure. While sanctions have traditionally targeted front‑line actors such as hacking groups or state‑run agencies, investigators are now tracing the supply chain back to data‑center operators that lease bandwidth to sanctioned entities. By confiscating more than 800 servers, Dutch authorities aim to cripple the logistical backbone that allows Russian‑aligned actors to launch distributed denial‑of‑service attacks and proxy‑based espionage across Europe.

MIRhosting, founded by Russian native Andrey Nesterenko, became the primary gateway for Stark Industries, an ISP placed under EU sanctions after it facilitated massive DDoS campaigns against European targets. WorkTitans BV, controlled jointly by Nesterenko and Amsterdam‑based Youssef Zinad, managed the commercial relationship that kept the network operational despite earlier sanctions on the Moldovan PQHosting conduit. The seizure not only disrupts current malicious traffic but also sends a clear warning to other hosting firms that indirect support for sanctioned services will be scrutinized and prosecuted.

For the broader tech and business community, the incident highlights the importance of due‑diligence in selecting infrastructure partners. Companies must now assess not just the technical capabilities of a provider but also its geopolitical risk profile, especially when operating in jurisdictions with heightened cyber‑security tensions. As the EU tightens enforcement, firms that overlook the provenance of their hosting services could face legal exposure, service interruptions, or reputational damage, making supply‑chain transparency a critical component of cyber‑risk management.