Dutch Authorities Arrest Hosting Company Owners for Aiding Russian Cyberattacks

by Anika Shah - Technology

Dutch Authorities Arrest Hosting Executives Over Links to Russian Cyber Operations

Dutch financial crime investigators have arrested two men in connection with an investigation into Internet hosting infrastructure allegedly used to support Russian cyberattacks, disinformation campaigns and influence operations within the European Union. The arrests, carried out by the Tax Intelligence and Investigation Service (FIOD), mark a significant escalation in efforts to disrupt the digital staging grounds used for hybrid warfare against Western targets.

The Scope of the Investigation

The investigation centers on the operations of Stark Industries Solutions, a hosting provider sanctioned by the European Union for its role in facilitating cyber mischief linked to Russian intelligence agencies. According to reports from the Dutch daily de Volkskrant, investigators arrested a 57-year-old resident of Amsterdam and a 39-year-old resident of The Hague on May 18, 2026. The suspects are accused of violating sanctions law by providing economic resources to entities already under EU restrictive measures.

During the enforcement action, authorities conducted searches at three business locations in Enschede and Almere, as well as two data centers in Dronten and Schiphol-Rijk. The operation resulted in the seizure of laptops, mobile devices, and more than 800 servers, effectively taking them offline.

Infrastructure and Sanctions Evasion

The investigation highlights the complex, shifting nature of digital infrastructure used in state-sponsored cyber activities. Following the imposition of EU sanctions on the Moldovan company PQHosting and its leadership in May 2025, assets associated with the Stark network were reportedly transferred to a new entity, the[.]hosting, which operated under the control of the Dutch firm WorkTitans BV.

Evidence reviewed by de Volkskrant suggests that WorkTitans and the associated MIRhosting were among the most active networks utilized during pro-Russian cyberattacks targeting Danish government bodies in November 2025. These attacks coincided with Denmark’s municipal elections, underscoring the risks posed by hosting providers that serve as conduits for foreign interference.

Company Response and Defense

Andrey Nesterenko, the founder of MIRhosting, has publicly denied allegations of involvement in cybercrime or intentional sanctions evasion. In statements provided to media, Nesterenko asserted that the transition to the[.]hosting was a standard business transfer that occurred before the sanctions were finalized. He further stated that MIRhosting has initiated an internal investigation into the allegations regarding the Danish elections and has temporarily suspended services to WorkTitans.

Regarding the operational history of his companies, Nesterenko maintained that MIRhosting does not support illegal activity and that the recent enforcement actions have caused significant harm to his business and reputation. Meanwhile, the second individual involved, Youssef Zinad, has maintained a low profile throughout the proceedings and has not responded to requests for comment.

Key Takeaways

  • Regulatory Crackdown: The arrest of the two executives signals a proactive stance by Dutch authorities in enforcing EU sanctions against infrastructure providers linked to Russian cyber operations.
  • Disruption of Services: The seizure of over 800 servers demonstrates the tangible impact of international sanctions on the digital supply chain used by state-backed hacking groups.
  • Persistence of Threats: The case highlights the “whack-a-mole” nature of cyber warfare, where infrastructure assets are rapidly rebranded or transferred to new entities to circumvent international restrictions.

As the investigation continues, the case serves as a stark reminder of the intersection between private sector hosting services and geopolitical conflict. The ability of intelligence services to leverage commercial data centers for large-scale attacks remains a primary focus for cybersecurity regulators and law enforcement agencies across the European Union.
