Netherlands Arrests Two Co-Owners of Hosting Firms, Seizes 800 Servers Tied to Russian Cyberattacks
Authorities in the Netherlands have arrested two co-owners of related Internet hosting companies for allegedly enabling IT infrastructure used by Russia in cyberattacks, influence operations, and disinformation campaigns within the European Union. This incident underscores ongoing concerns about the intersection of cybersecurity and geopolitical tensions, particularly regarding Russia’s actions in Ukraine.
Arrests and Charges
On May 18, 2025, the Dutch financial crime agency, FIOD, apprehended a 57-year-old man from Amsterdam and a 39-year-old man from The Hague. They are charged with violating sanctions laws by either directly or indirectly providing economic resources to entities sanctioned by the EU. The investigation focuses on Stark Industries Solutions, a hosting provider that surfaced shortly before Russia’s invasion of Ukraine and has been linked to various cyber threats against European targets.
The Role of Stark Industries
Stark Industries Solutions has quickly emerged as a significant player in orchestrating large-scale distributed denial-of-service (DDoS) attacks against European institutions. It has also been identified as a key supplier of proxy and anonymity services frequently associated with Russian-backed hacking groups. In May 2025, the EU sanctioned PQHosting, a company operated by Moldovan brothers Ivan and Yuri Neculiti, for its role in supporting Russia’s hybrid warfare efforts. However, the sanctions did not address Stark’s remaining Internet connection through MIRhosting, a Dutch provider.
MIRhosting and Its Operators
MIRhosting is operated by Andrey Nesterenko, a 39-year-old Russian national residing in the Netherlands. Following media leaks about impending sanctions against PQHosting, Stark’s network assets were transferred to a new entity called the[.]hosting, controlled by WorkTitans BV, which is also linked to Nesterenko and his associate, Youssef Zinad. On the same day as the arrests, Dutch investigators conducted searches at multiple locations, including three businesses and two data centers, seizing laptops, telephones, and over 800 servers.
Implications for Cybersecurity
The investigation has revealed that WorkTitans and MIRhosting were heavily utilized in pro-Russian attacks against Danish government bodies during the week of Denmark’s municipal elections in November 2025. Prior to his arrest, Nesterenko claimed ignorance regarding the misuse of his servers for cybercriminal activities, asserting that he had ceased all services with the Neculiti brothers following the imposition of EU sanctions.
MIRhosting has since initiated an internal investigation into the allegations surrounding its services’ potential involvement in influencing the Danish elections. The company stated that preliminary findings indicated no anomalies in network traffic during the relevant period, and it had not received any complaints or reports of misuse.
Background of the Operators
Nesterenko, originally from Nizhny Novgorod, Russia, is a former piano prodigy who founded MIRhosting’s parent company, Innovation IT Solutions Corp., in 2004. This company has a controversial history, having previously hosted a hacktivist website involved in organizing cyberattacks against Georgia during the 2008 conflict. Nesterenko has publicly denied any connection to cybercrime or sanctions evasion, asserting that the transition to the[.]hosting was not intended to circumvent sanctions.
Zinad, who has maintained a low profile since the arrests, reportedly blocked access to his LinkedIn account and has been unresponsive to inquiries. Nesterenko claims that Zinad was not an employee of MIRhosting but rather assisted with business tasks under a normal business-to-business arrangement.
For further details, visit the original reporting source: cyberwarriorsmiddleeast.com.
For ongoing coverage and breaking updates, visit our Latest News section.
Published on 2026-05-26 09:04:00 • By the Editorial Desk
