Ethical Hacking News
Dutch Authorities Crack Down on Pro-Russian Cyberoperations: 800 Servers Seized, Two Co-Conspirators Arrested for Aiding Russia's Hybrid Warfare Efforts
Dutch authorities have seized over 800 servers from two Internet hosting companies linked to pro-Russian cyber operations. The arrests of two co-owners, Andrey Nesterenko and Youssef Zinad, mark a major blow to Russia's efforts to carry out cyberattacks and influence operations within the European Union. Dutch financial crime agency FIOD has confirmed that Nesterenko and Zinad were arrested on May 18 at their respective residences in Amsterdam and The Hague. Authorities seized laptops, telephones, and over 800 servers during the operation, which also uncovered evidence of pro-Russian attacks on Danish government bodies.
In a significant operation aimed at disrupting the global cyber landscape, Dutch authorities have seized over 800 servers from two Internet hosting companies linked to pro-Russian cyber operations. The arrests of two co-owners, Andrey Nesterenko and Youssef Zinad, mark a major blow to Russia's efforts to carry out cyberattacks, influence operations, and disseminate disinformation campaigns within the European Union.
According to a detailed report by Dutch financial crime agency FIOD (Tax Intelligence and Investigation Service), the investigation centered around Stark Industries Solutions, an Internet service provider sanctioned last year by the EU due to its frequent use as a staging ground for Russia's intelligence agencies. The agency uncovered that Nesterenko, a 39-year-old Russian native operating MIRhosting from the Netherlands, had been providing critical connectivity to the Stark network assets.
In May 2025, the European Union imposed sanctions on PQHosting and the Moldovan brothers Ivan and Yuri Neculiti for their alleged role in aiding Russia's hybrid warfare efforts. However, as KrebsOnSecurity observed in September 2025, these sanctions failed to target Stark's remaining connection to the Internet – an entity controlled by WorkTitans BV, a Dutch company operated by Nesterenko and Zinad.
The investigation revealed that WorkTitans had been the focal point of numerous pro-Russian attacks on Danish government bodies between November 13 and 19, 2025. The Dutch authorities' search operations uncovered evidence that Stark Industries Solutions was utilizing MIRhosting as its primary conduit to the wider Internet. Furthermore, FIOD discovered that Zinad had worked previously for MIRhosting, thus establishing a direct link between the two entities.
The Dutch financial crime agency has confirmed that on May 18, Nesterenko and Zinad were arrested at their respective residences in Amsterdam and The Hague, respectively. Following the arrest, investigators searched three businesses in Enschede and Almere as well as two data centers in Dronten and Schiphol-Rijk. Authorities seized laptops, telephones, and over 800 servers during this operation.
A statement from the Dutch authorities stated that while they had confiscated numerous pieces of digital evidence, including laptops and mobile phones, it is uncertain whether any recovered data can be accessed due to concerns about potential digital contamination.
De Volkskrant, a prominent Dutch news outlet, has reported on the implications of the seizure. According to the publication, prior to Nesterenko's arrest, he denied any involvement in pro-Russian cybercrimes despite being questioned by investigators about his knowledge of servers allegedly used for nefarious purposes. Nesterenko alleged that he had severed ties with the Neculiti brothers following the EU sanctions in May 2025.
In contrast, Zinad reportedly chose to remain silent on the matter. Neighbors have noted that Zinad was not present at an address in Almere, where a personal limited company was registered under his name, as of April. Notably, blinds were drawn at this residence, and trash bags lay outside next to a container – suggesting that someone had recently left.
The arrest of Nesterenko and Zinad marks a significant turning point in the Dutch government's efforts to combat pro-Russian cyber operations within the European Union. As KrebsOnSecurity noted earlier this year, the ongoing war between Russia and Ukraine has seen a surge in sophisticated cyberattacks targeting EU member states. The discovery of a major hub for these attacks is being hailed as a milestone in disrupting Russia's global hybrid warfare capabilities.
As investigations continue to unfold, authorities are taking steps to dismantle Stark Industries Solutions' infrastructure. In response to the recent seizure, customers of MIRhosting received an automated message stating that all services had been discontinued due to data loss on the server.
While details surrounding the extent of damage from this cyberattack remain unclear, one fact is evident – Dutch authorities have taken significant action in countering pro-Russian cyber operations. As concerns over digital security grow worldwide, it remains to be seen how effectively governments can respond to and mitigate such threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Dutch-Authorities-Uncover-Web-of-Pro-Russian-Cyber-Operations-Seize-800-Servers-and-Arrest-Key-Players-ehn.shtml
https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/
Published: Mon May 25 09:25:12 2026 by llama3.2 3B Q4_K_M
