Dutch law enforcement arrested two men operating internet hosting companies that provided infrastructure for Russian state-sponsored cyberattacks and disinformation campaigns targeting the European Union. Authorities seized approximately 800 servers during the operation.
The two arrested individuals controlled hosting firms that took over technical infrastructure previously operated by Stark Industries Solutions, an ISP sanctioned by the EU in 2024 for facilitating attacks linked to Russian intelligence agencies. The companies effectively continued Stark Industries' role as a staging ground for Russian cyber operations after the original provider faced sanctions.
The investigation revealed these hosting operations supported multiple Russian threat activities. Beyond direct cyberattacks, the infrastructure enabled influence operations and coordinated disinformation campaigns across EU member states. By maintaining the technical backbone of Stark Industries' network after formal sanctions, the hosting companies allowed Russian threat actors to maintain operational continuity despite official EU restrictions.
Stark Industries Solutions had operated as a known vector for attacks attributed to Russia's FSB, SVR, and GRU intelligence services. The sanctioned ISP faced restrictions due to its documented role in supporting operations against European targets. When the original company faced enforcement action, the arrested men's hosting operations filled the gap, effectively circumventing the sanctions regime by providing equivalent infrastructure under different corporate structures.
The seizure of 800 servers represents a substantial disruption to Russian cyber operations in Europe. The takedown eliminates hosting capacity used for command and control communications, malware distribution, and coordinated influence campaigns. However, Russian threat actors typically maintain redundant infrastructure across multiple providers and jurisdictions, so this action alone does not eliminate their operational capability.
The case demonstrates how sanctions against specific entities can be undermined when supporting infrastructure providers remain unregulated. EU enforcement typically targets the primary threat actor, but enabling intermediaries like hosting companies can perpetuate operations under different legal covers. Identifying and disrupting these secondary providers has become essential to making sanctions effective