Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns.
FIOD arrested a 57-year-old suspect, who was the company director, and a 39-year-old who headed a separate firm that provided internet connectivity.
According to the authorities, the suspects indirectly provided economic resources to Russian and Belarusian entities sanctioned by the European Union (EU).
The investigation focuses on the activities of web hosting firm Stark Industries, founded on February 10, 2022, shortly before Russia’s invasion of Ukraine.
“The [Dutch] web hosting company, according to the research team, provided support to actions by the Russian Federation that undermine democracy and security, including through information manipulation and disruption of public and economic systems,” FIOD says.
The EU added Stark Industries to the list of sanctioned entities last year on May 20. Following this restriction, the web hosting infrastructure was transferred to a newly created Dutch company that investigators believe acted as a front for the sanctioned entities.
In the recent action, FIOD conducted multiple raids in data centers in Dronten and Schiphol-Rijk, as well as searches in Enschede and Almere, where they seized 800 servers, laptops, phones, and administrative records.
Source: FIOD
According to a report from the De Volkskrant publication, the name of this Dutch entity is WorkTitans B.V. and provides hosting services under the brand THE.Hosting.
The same outlet alleges that Danish authorities and infrastructure providers linked WorkTitans to attacks by the pro-Russian hacktivist group NoName057(16), which has previously targeted key organizations with distributed denial-of-service (DDoS) attacks.
Mirhosting, based in Almere, operated physical servers, provided colocation, and supplied high-capacity connectivity to major internet exchanges in Amsterdam and Frankfurt, acting as the transport layer through which Stark’s traffic entered Europe to reach the WorkTitans infrastructure.
It’s worth noting that WorkTitans did not respond to de Volkskrant’s requests for a statement, while Mirhosting denied knowingly supporting illegal operations, claiming they quickly intervened upon receipt of abuse complaints.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
