The Netherlands' Fiscal Intelligence and Investigation Service has made significant strides in targeting cybercrime. On May 18, authorities seized over 800 servers in a coordinated operation aimed at dismantling a web hosting firm suspected of facilitating Russian cyberattacks and disinformation campaigns.
The operation led to the arrest of two individuals, Youssef Zinad from Amsterdam and Andrey Nesterenko from The Hague. Their companies, WorkTitans B.V. and MIRhosting, were implicated in activities benefiting from operations linked to a previously sanctioned entity. The FIOD's investigation reveals that after Stark Industries Solutions was hit with EU sanctions in May 2025 for engaging in operations that support hybrid warfare, WorkTitans allegedly took over its assets while continuing similar activities under a new guise.
This network has been under scrutiny for enabling cybercrime operations that include distributed denial-of-service (DDoS) attacks and misinformation campaigns, crucial components of Russia's ongoing aggression in Ukraine.
This operation marks a decisive escalation in the Dutch authorities' commitment to dismantling such networks. Following a November 2025 raid that confiscated 250 servers, this latest action represents a significant increase in enforcement efforts.
The issue of bulletproof hosting is central to this case. These hosting providers either intentionally or neglectfully overlook illegal activities by their clients, creating safe havens for malicious operations.
Investors in digital infrastructure should pay close attention to these developments. The evolving regulatory landscape indicates that integrating corporate restructuring to evade sanctions will not be tolerated, paralleling enforcement trends in the cryptocurrency space. The Market in Crypto-Assets Regulation mandates that crypto service providers verify their clients against sanctions lists. Following this precedent, the hosting sector could see tightening regulations similar to those affecting crypto infrastructure.
As these enforcement actions become more established, those involved in hosting or data center investments in Europe need to evaluate their compliance risks carefully. With the FIOD tripling its servers seized within six months, the message is clear: the government intends to pursue a focused strategy on cybercrime and sanctions evasion that could impact companies operating within this sector.