Logo
News Ababil
Explore
SYS_NODE: ONLINE // Cyber Security

Netherlands seizes 800 servers in massive cyber‑crime bust

DECRYPTED BY: Kaelen Frost | TIMESTAMP: 2026-05-27 T 20:17:55 Z | [ 2 MIN READ ]
Netherlands seizes 800 servers in massive cyber‑crime bust
2 Min Read
Share

Netherlands seizes 800 servers in a coordinated raid that also led to the arrest of two individuals accused of enabling Russian‑backed cyber campaigns across the EU.

Operation crackdown on Stark‑linked hosting

Agents of the Dutch Tax Intelligence and Investigation Service (FIOD) detained a 57‑year‑old Amsterdam resident and a 39‑year‑old Hague native on May 18, charging them with breaching EU sanctions by funneling resources to the outlawed provider Stark Industries Solutions.

Key infrastructure under fire

The sweep targeted MIRhosting, a Netherlands‑based ISP run by Russian national Andrey Nesterenko, and WorkTitans BV, the corporate shell that channeled traffic to the ↓ 800 seized servers across data centres in Dronten and Schiphol‑Rijk.

“The hardware and client base were transferred before the sanctions took effect,” Nesterenko told reporters via email.

Investigators linked the network to a surge of distributed denial‑of‑service attacks and proxy services that surfaced in Russian‑aligned disinformation drives, notably during Denmark’s municipal elections in November 2025.

According to Reuters, EU authorities had already black‑listed PQHosting and its Moldovan owners in May 2025, yet the Dutch entities remained operational until this intervention.

In a statement, MIRhosting said an internal review found “no anomalies” in traffic during the election week and that services to other clients remain uninterrupted.

Nesterenko, a former piano prodigy from Nizhny Novgorod, highlighted his 2004 venture Innovation IT Solutions Corp., which once hosted the hacktivist site stopgeorgia[.]ru during the 2008 Georgia conflict – a historic blend of cyber and kinetic warfare.

The arrested co‑owner, Youssef Zinad, has largely vanished from public view; attempts to reach him via LinkedIn, WhatsApp and phone have been rebuffed, echoing the opaque tactics often seen in covert sanction‑evasion schemes.

While Dutch officials stress the operation’s role in curbing hostile cyber activity, critics warn that dismantling legitimate hosting infrastructure can collateral‑damage innocent businesses, a concern amplified by the lingering effects of the recent pandemic on global supply chains.


Words by: Kaelen Frost

Lead Cybersecurity Analyst

Global Data Feed

More from this Intel

Iran Cyber Threats Expand Beyond Critical Infrastructure: New Risks for Internet‑Facing Firms

Iran Cyber Threats Expand Beyond Critical Infrastructure: New Risks for...

Jul 10, 2026
Microsoft Seals RoguePlanet Defender flaw, Blocking SYSTEM‑Level Exploit

Microsoft Seals RoguePlanet Defender flaw, Blocking SYSTEM‑Level Exploit

Jul 09, 2026
Cyber Resilience Redefined: AI Shrinks Attack Window to 27 Seconds

Cyber Resilience Redefined: AI Shrinks Attack Window to 27 Seconds

Jul 09, 2026
Roundcube Flaw Fuels New Wave of Academic Espionage

Roundcube Flaw Fuels New Wave of Academic Espionage

Jul 08, 2026
KDDI Data Breach Exposes Over 12 Million Credentials – Japan’s Telecom Shock

KDDI Data Breach Exposes Over 12 Million Credentials – Japan’s...

Jul 08, 2026
Google and FBI Crack Down on Massive Botnet Exploiting Everyday Android Devices

Google and FBI Crack Down on Massive Botnet Exploiting Everyday...

Jul 08, 2026

Join The Elite

Get the top 0.1% global intelligence and market insights delivered directly to your inbox before the masses.

We respect your privacy. No spam.