Dutch authorities have taken down a hosting network allegedly used to support cyberattacks, disinformation campaigns, and sanctions evasion, following a joint investigation that pulled in financial crime investigators, intelligence services, and police units from several European countries.
The operation, led by the Dutch Fiscal Information and Investigation Service, known as FIOD, resulted in the arrest of two suspects accused of violating sanctions legislation connected to Russia. Investigators said the hosting infrastructure was linked to services that allowed customers to operate anonymously while avoiding European restrictions.
According to officials, the suspects are believed to have provided server infrastructure and related services to entities and individuals under international sanctions. Authorities claim the network also hosted online activity connected to cybercrime operations and influence campaigns aimed at spreading disinformation. The investigation focused on whether the operators knowingly facilitated those activities while continuing to do business with sanctioned parties.
Investigators described the platform as a “bulletproof hosting” service, a term commonly used for providers that ignore abuse complaints and allow criminal activity to remain online. These services are often used by ransomware groups, phishing operators, malware distributors, and actors running fake news or propaganda campaigns.
In their press release, Dutch authorities said the infrastructure was dismantled during coordinated raids that included the seizure of servers and data storage systems. Additionally, several domains and IP addresses linked to the operation were also taken offline.
While officials did not publicly identify every customer connected to the hosting service, investigators said evidence points to links with cyberattack activity targeting organizations in multiple countries. The infrastructure allegedly offered a level of anonymity that made tracing operators and customers more difficult for law enforcement agencies.
The arrests arrive at a time when European governments are increasing scrutiny on hosting providers and intermediary services connected to sanctioned Russian entities.
Nevertheless, cybersecurity researchers have warned for years that bulletproof hosting providers play a major role in keeping malicious campaigns online. Even when malware operators or phishing sites are identified, those services often refuse takedown requests or quickly move customers to new servers.
Authorities have not disclosed the identities of the suspects yet, and the investigation remains active. Officials said more arrests and infrastructure seizures are possible as forensic analysis of the seized systems continues.
