In a major enforcement action, the Financial Crime Investigation Service (FIOD) in the Netherlands has cracked down on a suspected hosting network linked to cyberattacks and digital disinformation campaigns. Authorities have seized around 800 servers and arrested two individuals in connection with the case. According to officials, the network was indirectly providing technical support to entities linked with Russia and Belarus that fall under European Union sanctions.
Key suspects and core companies
Investigators said the arrested individuals include a 57-year-old company director and a 39-year-old man who ran a separate firm involved in internet connectivity services. The operation is part of a broader investigation into allegations that a hosting company facilitated cyberattacks, information interference, and destabilization campaigns by providing critical infrastructure and resources.
The central company under scrutiny has been identified as Stark Industries, which was established in February 2022, shortly before the start of the Russia-Ukraine conflict. Investigators claim that the company later became associated with activities aimed at undermining democratic institutions and disrupting public order across multiple regions.
Sanctions, front entities and coordinated raids
The European Union had previously placed certain entities connected to this network under sanctions last year. Despite these restrictions, investigators found indications that operations continued through a newly created Dutch entity, which is suspected of acting as a front company designed to bypass sanctions and regulatory controls.
FIOD carried out coordinated raids across multiple locations, including Dronten, Schiphol-Rijk, Enschede, and Almere. During these operations, authorities seized not only hundreds of servers but also laptops, mobile phones, and extensive administrative records. Officials said the infrastructure was being used for large-scale data routing and cyber-related operations that supported malicious online activity.
Alleged links to pro-Russian hacking groups and infrastructure providers
Reports suggest that a Dutch company named WorkTitans B.V. is also linked to the broader network. It operates hosting services under the brand THE.Hosting. Authorities allege that this infrastructure was used to support the activities of the pro-Russian hacking group NoName057(16), which has been associated with coordinated distributed denial-of-service (DDoS) attacks targeting various organizations.
The investigation further indicates that Mirhosting, another infrastructure provider, played a role in operating physical servers, colocation services, and high-capacity connectivity solutions. This setup allowed traffic to be routed through major European internet exchange points. However, the company has stated that it was not aware of any illegal activity and claimed it took immediate action once complaints were received.
Wider ecosystem, forensic analysis and future risks
Experts believe the case highlights a much broader issue than a single hosting provider. It exposes a complex ecosystem that enables cyberattacks by supplying the underlying infrastructure required for large-scale digital operations. According to investigators, such networks frequently change their structure to evade sanctions and law enforcement scrutiny, making detection and disruption significantly more difficult.
Authorities have confirmed that forensic analysis of the seized servers is ongoing. They have not ruled out further arrests as the investigation continues to expand. The operation is being viewed as a significant step in strengthening cyber enforcement and sanctions compliance across Europe, especially as digital threat networks become increasingly sophisticated and transnational in nature.
The case also underscores how modern cyberattacks rely not only on hacking tools and malicious software but also on highly organized hosting and networking infrastructure that operates across multiple jurisdictions. Investigators are now working to map the entire supply chain behind these services to prevent similar networks from operating in the future.
Officials emphasized that the crackdown sends a strong signal that infrastructure enabling cyberattacks—whether directly or indirectly—is increasingly under global scrutiny. With cybercrime networks adapting quickly, enforcement agencies are expected to intensify cross-border cooperation and monitoring to dismantle such systems at an earlier stage.