Dutch authorities arrested two men accused of helping operate a pro-Russian hosting network tied to cyberattacks and sanctions evasion activities across Europe. Investigators believe the infrastructure supported the activities of the hacker group NoName057(16), which has repeatedly targeted Ukraine and countries backing Kyiv.
The suspects include a 57-year-old consultant from Amsterdam and a 39-year-old concert pianist from The Hague. Authorities claim both men helped maintain hosting services connected to Russian cyber operations despite existing European sanctions.
Investigators Linked the Infrastructure to Stark Industries
Dutch investigators traced the operation to Stark Industries Solutions, a hosting provider that appeared shortly before Russia launched its full-scale invasion of Ukraine in 2022. European authorities later sanctioned the company after linking it to cyberattacks, disinformation campaigns, and hostile online operations targeting the European Union.
Investigators believe parts of the pro-Russian hosting network continued operating through Dutch front companies after the sanctions took effect. Authorities identified WorkTitans BV and MIRhosting as companies allegedly involved in maintaining the infrastructure.
Officials stated that WorkTitans may have acted as a cover company for sanctioned entities. Meanwhile, MIRhosting allegedly provided internet connectivity and server support connected to the operation.
Dutch Authorities Seized Hundreds of Servers
The Dutch financial crime agency FIOD carried out raids at several business locations and data centers, including facilities in Dronten and Schiphol-Rijk. During the operation, investigators seized more than 800 servers alongside laptops, mobile phones, and company records.
Authorities suspect the infrastructure supported distributed denial-of-service attacks against governments and organizations that support Ukraine. Reports also connected the network to cyberattacks targeting Danish government systems during municipal elections last year.
Investigators continue examining the seized equipment to determine the full scale of the operation and identify possible international connections.
NoName057(16) Remains a Major Threat
The investigation also highlights the continued activity of NoName057(16), a pro-Russian hacktivist group known for large-scale DDoS campaigns against Western institutions. The group emerged shortly after the war in Ukraine began and has repeatedly targeted government agencies, transport systems, financial services, and media organizations across Europe.
European law enforcement agencies already targeted the group during Operation Eastwood in 2025. Authorities disrupted infrastructure linked to the organization and issued several arrest warrants connected to its operations.
Security researchers continue warning that bulletproof hosting providers remain essential tools for cybercriminal and state-aligned hacking groups. These services often ignore abuse complaints and help threat actors keep malicious infrastructure online across multiple jurisdictions.
Conclusion
The pro-Russian hosting network case demonstrates how cybercrime infrastructure can survive even under international sanctions and law enforcement pressure. Dutch investigators believe the suspects helped maintain systems connected to disruptive attacks against European institutions and Ukraine supporters. The operation also shows how hosting providers continue to play a critical role in modern geopolitical cyber conflict.
0 responses to “Pro-Russian Hosting Network Tied to Dutch Cybercrime Arrests”