Two Dutch individuals owning companies that provided bulletproof hosting services to Russian state-sponsored and affiliated threat actors were arrested by Dutch authorities. Their companies acted as fronts to circumvent EU sanctions imposed on a Moldovan-based hosting provider, Stark Industries, which supported cyberattacks and information manipulation targeting the EU. The suspects maintained server infrastructure rented to sanctioned entities, enabling continued operations despite sanctions. The investigation led to seizures of over 800 servers and other equipment across multiple locations. This hosting infrastructure was used to facilitate distributed denial-of-service (DDoS) and other cyberattacks against EU targets.

The hosting services enabled sanctioned Russian-aligned threat actors to continue conducting destabilizing cyber activities against the European Union, including disinformation campaigns, interference, and disruptive cyberattacks such as DDoS. By providing bulletproof hosting that obscured the real customers, these companies complicated abuse detection and enforcement of sanctions, prolonging the operational capabilities of malicious actors. The arrests and seizures disrupt these hosting services, potentially reducing the threat actors' ability to carry out such operations from these infrastructures.

The arrests and seizure of infrastructure represent direct law enforcement action disrupting the bulletproof hosting services used by these threat actors. No technical patch or remediation applies. Organizations should monitor for changes in threat actor infrastructure following this disruption. Continued enforcement of sanctions and cooperation between international law enforcement agencies are critical to mitigating similar threats. Patch status is not applicable in this context.