Netherlands seizes servers in massive crackdown on Russian‑linked cyberhost

Netherlands seizes servers amid EU sanctions breach

In a coordinated raid on May 18, Dutch financial‑crime investigators confiscated ↓ 800 servers and detained two men accused of funneling resources to a sanctioned Russian hosting network. The operation, described by Reuters, targets the infrastructure that powered DDoS assaults and disinformation campaigns across the European Union.

Arrests of two operators

Andrey Nesterenko, a 39‑year‑old Russian national, and Youssef Zinad, 57, were taken into custody after raids on facilities in Enschede, Almere, Dronten and Schiphol‑Rijk. Authorities seized laptops, phones and ↓ 2 additional pieces of equipment linked to the illicit network.

“The seizure disrupts a key conduit for hostile cyber activity,” said a spokesperson for the Tax Intelligence and Investigation Service (FIOD).

The seized hardware belonged to MIRhosting, a Dutch‑registered ISP that supplied connectivity to WorkTitans BV, the entity that inherited assets from the previously sanctioned PQHosting. WorkTitans and MIRhosting were identified as primary channels for Russian‑aligned attacks on Danish government sites during the November 2025 municipal elections.

Both Nesterenko and Zinad deny wrongdoing. Nesterenko, a former piano prodigy from Nizhny Novgorod, argues the transfer to the.hosting pre‑dated the EU sanctions and that shutting down a legitimate Dutch firm will only hurt innocent clients. Bloomberg notes that the broader strategy of sanction evasion remains a persistent challenge for European regulators.

In a statement, MIRhosting claimed an internal review found no evidence of involvement in the Danish election interference, noting that network traffic showed no spikes indicative of large‑scale DDoS activity. The firm has temporarily paused services to WorkTitans while the investigation proceeds.

The case echoes earlier findings that cyber‑crime infrastructure can adapt quickly to regulatory pressure, a pattern also observed during the recent pandemic where threat actors leveraged disrupted supply chains for malicious gain.

Words by Nova Stirling (Aerospace & Space Tech Correspondent).