Dutch Authorities Dismantle Hosting Infrastructure Linked to Sanctioned Entities
Financial crime investigators in the Netherlands (FIOD) have executed a major operation targeting a web hosting infrastructure accused of facilitating cyberattacks, disinformation campaigns, and interference operations. The operation resulted in the arrest of two individuals and the seizure of 800 servers, marking a significant strike against digital assets allegedly used to bypass international sanctions.

The Scope of the Investigation
The investigation centers on Stark Industries, a web hosting firm established in February 2022. According to authorities, the company was utilized to provide essential economic resources to Russian and Belarusian entities currently under European Union (EU) sanctions. The EU officially added Stark Industries to its sanctions list on May 20, 2025.
Investigators believe that following the imposition of these sanctions, the hosting infrastructure was migrated to a Dutch entity—identified in reports as WorkTitans B.V.—to function as a front for the sanctioned parties. The FIOD conducted raids across multiple locations, including data centers in Dronten and Schiphol-Rijk, as well as administrative searches in Enschede and Almere. Beyond the 800 servers, officials seized laptops, mobile devices, and administrative records.
Key Suspects and Operations
Two men were taken into custody during the operation: the 57-year-old director of the hosting company and a 39-year-old individual who managed a separate firm providing internet connectivity.
The infrastructure in question, which operated under the brand THE.Hosting, reportedly acted as a transport layer for malicious traffic. Mirhosting, based in Almere, is alleged to have provided physical server colocation and high-capacity connectivity to major internet exchanges in Amsterdam and Frankfurt. This connectivity allowed traffic to flow into the WorkTitans infrastructure, which has been linked by international observers to disruptive activities, including distributed denial-of-service (DDoS) attacks attributed to the pro-Russian hacktivist group NoName057(16).
Regarding the allegations, Mirhosting stated that it did not knowingly support illegal activities and claimed to have intervened when abuse complaints were received. WorkTitans B.V. Has not provided a statement in response to inquiries.
Official Stance on Digital Security
The FIOD has emphasized the severity of the alleged activities, noting that the infrastructure provided support for actions intended to undermine democracy and security. By facilitating information manipulation and the disruption of public and economic systems, the entities involved reportedly violated strict EU sanction legislation.

Key Takeaways
- Operation Success: Dutch investigators seized 800 servers and arrested two suspects linked to a hosting firm facilitating sanctioned activities.
- Sanctions Evasion: The operation targeted a front company accused of masking support for Russian and Belarusian entities.
- Broad Impact: The seized infrastructure was reportedly involved in coordinating DDoS attacks and spreading disinformation.
- Ongoing Enforcement: The raid highlights the increasing focus of European authorities on the digital supply chain and hosting providers that enable state-sponsored interference.
As digital threats continue to evolve, this operation serves as a reminder that infrastructure providers are increasingly being held accountable for the traffic they host. The seizure of these servers represents a tactical disruption of the networks used by hostile actors to target European security and stability.
Worth a look