Authorities Seize 800 Hosting Servers Used for Cyber

Dutch authorities have seized over 800 servers and arrested two individuals. These actions stem from a major investigation into a hosting infrastructure allegedly used to support cyberattacks, disinformation campaigns, and sanctions evasion linked to Russia.

The Fiscal Information and Investigation Service (FIOD) confirmed that arrests were carried out on May 18, 2026, targeting a 57-year-old man from Amsterdam and a 39-year-old man from The Hague.

Both suspects are accused of violating the EU Sanctions Act by indirectly providing economic resources and services to entities sanctioned by the European Union.

Authorities Seize Attack Servers

The investigation centers on a web hosting company established on February 10, 2022, just weeks before Russia invaded Ukraine.

According to investigators, the company’s infrastructure was later leveraged to facilitate destabilizing activities targeting the European Union.

These activities reportedly included:

• Launching cyberattacks against European systems.
• Conducting interference operations.
• Disseminating disinformation campaigns.
• Supporting broader information manipulation efforts.

Authorities believe the infrastructure played a role in undermining democratic processes and disrupting public and economic systems across EU member states. The hosting provider was officially placed on the EU sanctions list on May 20, 2025.

However, investigators discovered that a significant portion of its infrastructure was transferred to a newly established Dutch company around the same time.

FIOD findings indicate that this new entity acted as a front organization to circumvent sanctions. The 57-year-old suspect is identified as the company’s director and indirect sole shareholder.

A second Dutch company, operated by the 39-year-old suspect, allegedly played a supporting role by providing internet connectivity to the infrastructure, effectively enabling continued operations despite sanctions.

Authorities conducted coordinated searches across multiple locations, including:

• Three business premises in Enschede and Almere.
• Two data centers are located in Dronten and Schiphol-Rijk.

During these operations, law enforcement seized:

• Over 800 servers.
• Administrative records.
• Laptops and mobile devices.

The scale of the seizure underscores the extensive infrastructure required for the operation. It suggests a significant capacity for cyber-enabled activities.

Ongoing Investigation

The Functional Prosecution Service is leading the case under the Dutch Public Prosecution Service.

Violations of EU sanctions fall under both the Sanctions Act and the Economic Offenses Act, making such activities criminally punishable.

Since the start of the Russia-Ukraine conflict, the EU has expanded sanctions targeting Russia and Belarus, including restrictions on financial transactions and the provision of technical services.

Authorities emphasize that attempts to circumvent these measures, including through proxy companies or infrastructure transfers, are actively investigated.

The FIOD continues to track individuals and organizations attempting to evade sanctions while enabling cyber operations.

The investigation remains ongoing, and further arrests or asset seizures may follow as authorities analyze the confiscated infrastructure and data.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.