Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
3 hours ago
- #Cybercrime
- #Sanctions
- #Dutch Investigation
- Dutch authorities arrested two co-owners of hosting companies for providing IT infrastructure used by Russia for cyberattacks, influence operations, and disinformation within the EU.
- The arrested individuals, Andrey Nesterenko and Youssef Zinad, were linked to Stark Industries Solutions, a sanctioned ISP, through MIRhosting and WorkTitans.
- Stark Industries emerged as a key source of DDoS attacks and proxy services for Russia-backed hacking groups after Russia's invasion of Ukraine.
- MIRhosting, operated by Nesterenko, became Stark's remaining internet connection after EU sanctions targeted PQHosting and the Neculiti brothers.
- WorkTitans, controlled by Nesterenko and Zinad, transferred Stark's assets and relied solely on MIRhosting for connectivity.
- Dutch investigators seized servers and equipment, citing violations of sanctions law for making resources available to sanctioned entities.
- MIRhosting denied knowledge of misuse by pro-Russian cybercriminals and paused services to WorkTitans while investigating alleged involvement in attacks during Denmark's elections.
- Nesterenko claimed the transition to WorkTitans was not for sanctions evasion and that damaging legitimate companies harms innocent people.
- Zinad maintained a low profile, avoiding contact and communications, and was arrested at a residence in Amsterdam.
- Nesterenko's history includes hosting a hacktivist site during the 2008 Russia-Georgia conflict, marking a early instance of cyberattacks alongside military engagements.