Netherlands seizes 800 servers of hosting firm enabling cyberattacks

Dutch financial crime investigators (FIOD) arrested two men and seized 800 servers operated by a web hosting company that functioned as infrastructure for cyberattacks, election interference, and disinformation campaigns.

The seized servers hosted malicious content and provided anonymity services that allowed threat actors to conduct attacks while concealing their identities. The hosting provider operated without adequate abuse prevention controls, making it a preferred platform for criminals distributing malware, launching phishing campaigns, and spreading coordinated disinformation across multiple countries.

Law enforcement initiated the operation after identifying the platform's systematic role in facilitating organized cybercrime. The two arrested individuals managed the hosting infrastructure and knowingly permitted its use for illegal activities. Dutch authorities coordinated the seizure to disrupt ongoing attack campaigns and prevent future misuse.

The infrastructure seizure disrupts multiple threat ecosystems. Attackers lose reliable hosting for command-and-control servers, phishing pages, and malware distribution. Disinformation networks lose platforms for spreading coordinated false narratives at scale. Election interference operations targeting European institutions face infrastructure disruption.

This enforcement action reflects European law enforcement's growing focus on hosting providers that enable transnational cybercrime. Providers failing to implement mandatory abuse reporting, content moderation, and customer verification face legal liability across EU member states. The Netherlands, alongside Germany and other European nations, increasingly treats hosting infrastructure negligence as criminal facilitation rather than passive hosting.

Organizations and governments targeted by campaigns originating from this infrastructure should review their security logs for connections to seized IP addresses and implement network blocking for known malicious domains previously hosted there. The seizure demonstrates that major hosting infrastructure disruptions reduce attack velocity across entire threat ecosystems, but criminals rapidly migrate to alternative providers. Sustained enforcement against multiple hosting providers remains essential to limiting adversary operational flexibility.