- Category
- World
Dutch Police Seize 800 Servers in Major Europe-Wide Crackdown on Pro-Russian Cyberattack Network
Prefer U24 Media on Google
- Authors
![Photo of Cyril Barabaltchouk]( "Photo of Cyril Barabaltchouk")
-72b63a4e0c8c475ad81fe3eed3f63729.jpeg "Photo of Cyril Barabaltchouk")
Dutch law enforcement has dismantled critical web infrastructure utilized by Russian hackers, dealing a significant blow to a group responsible for launching disruptive cyberattacks across Europe, Bloomberg reported on May 27.
Last week, the Dutch financial crimes agency conducted targeted raids on two data centers in the Netherlands, seizing 800 servers operated by WorkTitans and MIRhosting. These two companies rent online web space. The Dutch Fiscal Information and Investigation Service stated that the firms were targeted on suspicion of violating international sanctions.
We bring you stories from the ground. Your support keeps our team in the field.
Authorities allege that the web hosting companies rented servers to entities controlled by Iurie and Ivan Neculiti, two Moldovan brothers whom the European Union placed on a trade blacklist last year for assisting Russian state-sponsored hackers, according to details provided by Bloomberg.
As part of the investigation, Dutch police arrested Youssef Zinad, the owner of WorkTitans, and Andrey Nesterenko, the founder of MIRhosting. Nesterenko, a 39-year-old Russian citizen based in the Netherlands who is also a prize-winning concert pianist, denied any wrongdoing.
In a LinkedIn message, he acknowledged a past working relationship with one of the brothers but claimed he severed ties after the sanctions were imposed, adding that MIRhosting had not detected any suspicious activity. Zinad and the Neculiti brothers did not respond to Bloomberg’s requests for comment.
WorkTitans and MIRhosting were identified as the primary networks used in a series of pro-Russian attacks against Danish government organizations last November, Bloomberg noted, citing a report by the Dutch newspaper Volkskrant. The Russian hacker collective NoName057(16) claimed responsibility for those disruptions, and Europol has accused the group of repeatedly targeting European government websites and banking services.
NoName057(16) specializes in distributed denial-of-service (DDoS) attacks, which overwhelm targeted websites with traffic to force them offline. The hackers have utilized this relatively simple technique to cause high-profile disruptions, including targeting France’s postal service during the Christmas season to delay package deliveries.
According to the US Justice Department, the group was founded as a covert project and includes employees from a Kremlin-backed organization, the Center for the Study and Network Monitoring of the Youth Environment. The collective reportedly maintains a daily leaderboard for its volunteer hackers, rewarding the most productive members with cryptocurrency, Bloomberg wrote.
Despite their pro-Russian allegiance, these cyber threat actors rely heavily on hardware located within Western countries, leaving their infrastructure highly vulnerable to police operations, Bloomberg reported. While European investigators previously took down 100 servers associated with NoName057(16) last July, this latest Dutch enforcement action indicates that the group’s operations had persisted by exploiting rogue hosting companies.
The server takedown follows recent warnings from the Netherlands Defense Intelligence and Security Service, which cautioned in its annual report that Russia is utilizing artificial intelligence to partially automate and intensify its cyberattacks on Europe at a high pace. Dutch military intelligence identified Russia as the most immediate threat to European stability, noting that Moscow is actively deploying cyber warfare, disinformation, and sabotage to instill societal fear and influence Western decision-making.
In response to these escalating hybrid threats, European nations are expanding their defensive frameworks, with Germany drafting new legislation to authorize offensive cyber operations outside its borders to counter persistent Russian state-sponsored networks.
Discuss this article:
-c439b7bd9030ecf9d5a4287dc361ba31.jpg "Photo of Katherina Popilnichenko")
-111f0e5095e02c02446ffed57bfb0ab1.jpeg "Photo of Roman Kohanets")
