Netherlands Seizes 800 Servers Linked to Cyberattacks
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. The investigation focuses on the activities of web hosting firm Stark Industries, founded on February 10, 2022, shortly before Russia’s invasion of Ukraine.
According to the authorities, the suspects indirectly provided economic resources to Russian and Belarusian entities sanctioned by the European Union (EU). The EU added Stark Industries to the list of sanctioned entities last year on May 20. Following this restriction, the web hosting infrastructure was transferred to a newly created Dutch company that investigators believe acted as a front for the sanctioned entities.
Recent Action and Seizure of Servers
In the recent action, FIOD conducted multiple raids in data centers in Dronten and Schiphol-Rijk, as well as searches in Enschede and Almere, where they seized 800 servers, laptops, phones, and administrative records. The name of the Dutch entity is WorkTitans B.V. and provides hosting services under the brand THE.Hosting.
According to a report from the De Volkskrant publication, Danish authorities and infrastructure providers linked WorkTitans to attacks by the pro-Russian hacktivist group NoName057(16), which has previously targeted key organizations with distributed denial-of-service (DDoS) attacks.
Denial of Involvement and Investigation
Mirhosting, based in Almere, operated physical servers, provided colocation, and supplied high-capacity connectivity to major internet exchanges in Amsterdam and Frankfurt, acting as the transport layer through which Stark’s traffic entered Europe to reach the WorkTitans infrastructure. It’s worth noting that WorkTitans did not respond to de Volkskrant’s requests for a statement, while Mirhosting denied knowingly supporting illegal operations, claiming they quickly intervened upon receipt of abuse complaints.
The investigation is ongoing, and the seized servers and equipment will be analyzed to determine the extent of the cyberattacks and disinformation campaigns. The action taken by the Dutch authorities is a significant step in disrupting the activities of malicious actors and protecting the security and democracy of the European Union.
Background and Context
The Russian invasion of Ukraine has led to an increase in cyberattacks and disinformation campaigns, with various groups and individuals involved in these activities. The European Union has imposed sanctions on several entities and individuals in response to these actions, including Stark Industries.
The seizure of the servers and equipment is a significant development in the investigation and disruption of these activities. The Dutch authorities have taken a proactive approach in addressing the issue, and the action is expected to have a significant impact on the ability of malicious actors to conduct cyberattacks and disinformation campaigns.
Conclusion
The seizure of the 800 servers linked to the web hosting company is a significant step in disrupting the activities of malicious actors and protecting the security and democracy of the European Union. The investigation is ongoing, and the analysis of the seized equipment will provide further insights into the extent of the cyberattacks and disinformation campaigns.
The action taken by the Dutch authorities serves as a reminder of the importance of cooperation and coordination between law enforcement agencies and other stakeholders in addressing the threat of cyberattacks and disinformation campaigns. The European Union and its member states must continue to work together to disrupt and dismantle the networks and infrastructure used by malicious actors to conduct these activities.
Source: BleepingComputer