Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Dutch authorities arrested two men operating internet hosting companies that provided infrastructure for Russian state-sponsored cyberattacks, influence operations, and disinformation campaigns targeting the European Union. The arrests followed investigative work identifying the men's control over infrastructure previously linked to Stark Industries Solutions, an ISP sanctioned by the EU in 2024 for facilitating Russian intelligence operations.

Law enforcement seized approximately 800 servers during the operation. The hosting companies had inherited or assumed technical control of Stark Industries Solutions' infrastructure, effectively continuing the provider's role as a staging ground for Russian cyber operations. The EU had already designated Stark Industries Solutions as a frequent origination point for cyber activity connected to Russia's intelligence services.

The operation demonstrates coordinated enforcement against the physical and technical backbone enabling state-sponsored cyber operations. By targeting the hosting infrastructure itself rather than just individual attack campaigns, Dutch authorities disrupted a critical enabler of Russian cyber operations in Europe. The seizure of hundreds of servers removes operational capacity used for launching attacks and spreading coordinated disinformation.

This enforcement action addresses a persistent gap in cyber defense. Russian intelligence agencies have relied on hosting providers and ISPs to maintain deniability while conducting offensive operations. By prosecuting the operators maintaining this infrastructure, authorities establish accountability for knowingly enabling state-sponsored cyber activity. The sanctions against Stark Industries Solutions had limited impact without removing the underlying technical infrastructure.

Organizations across the EU should reassess their exposure to compromises originating from this infrastructure. Any systems communicating with or infected by malware hosted on these servers warrant forensic review. The operation underscores how physical jurisdiction over hosting facilities remains a practical enforcement tool against distributed cyber threats, even when attribution points to state actors.