Dutch authorities seized 800 servers from hosting firm they say helped Russia undermine European democracy

Dutch financial crime investigators arrested two men and seized 800 servers last week in a case that cuts through several layers of corporate structure before arriving at what authorities describe as direct support for Russian interference operations across Europe.

The FIOD, the Netherlands’ financial crimes investigation unit, arrested a 57-year-old company director and a 39-year-old who ran a separate firm supplying internet connectivity. According to investigators, both men indirectly provided economic resources to Russian and Belarusian entities already sanctioned by the European Union, a violation that carries serious legal weight under EU law.

The investigation centers on Stark Industries, a web hosting firm founded on February 10, 2022, roughly two weeks before Russia’s invasion of Ukraine. The EU added Stark Industries to its sanctions list in May of last year. Shortly after that designation, the hosting infrastructure shifted to a newly registered Dutch company that investigators believe served as a front to keep the operation running under a different name.

That company, according to Dutch outlet De Volkskrant, is WorkTitans B.V., which operated hosting services under the brand THE.Hosting. Danish authorities and infrastructure providers had already linked WorkTitans to attacks carried out by NoName057(16), a pro-Russian hacktivist group with a documented history of DDoS campaigns against European institutions and critical organizations.

A third company called Mirhosting, based in Almere, provided the physical backbone. It operated the actual servers, handled colocation, and supplied high-capacity connectivity to internet exchanges in Amsterdam and Frankfurt, effectively routing Stark Industries traffic into Europe through legitimate-looking infrastructure. Mirhosting denied knowingly supporting illegal activity, stating it acted on abuse complaints when they arrived. WorkTitans did not respond to requests for comment.

FIOD conducted raids across data centers in Dronten and Schiphol-Rijk, as well as searches in Enschede and Almere. Investigators walked away with 800 servers, laptops, phones, and administrative records.

The case illustrates something European law enforcement has been documenting with increasing frequency: sanctioned entities do not simply disappear after designation. They reorganize behind new corporate shells, often within the same jurisdiction, and continue operating until investigators trace the infrastructure back through each layer.

This one took layers to unravel.