Dutch authorities have launched a large-scale operation against a digital infrastructure that investigators say was used by Russian hackers for attacks on government institutions and banking services in Europe.
The Dutch police seized 800 servers and detained two suspects/PHOTO: Archive
In the raids, police seized 800 servers and detained two suspects accused of violating sanctions imposed by the European Union, reports Bloomberg.
The operation was coordinated by the Dutch Tax Intelligence and Investigation Service, which raided two data centers last week. The seized servers were associated with the companies WorkTitans and MIRhosting.
According to the authorities, the two companies are suspected of having rented digital infrastructure to entities controlled by the brothers Iuri and Ivan Neculitis from the Republic of Moldova. The two were included on the European Union's sanctions list last year for supporting Russian-backed hacker groups.
As part of the investigation, the police arrested the owner of WorkTitans, Yousef Zinad, as well as the founder of MIRhosting, Andrei Nesterenko.
Nesterenko, a 39-year-old Russian national, lives in the Netherlands and is also known as a concert pianist.
In a post on LinkedIn, he admitted that he had previously worked with one of the Neculitis brothers, but said that relations were severed after the introduction of European sanctions. He also claimed that MIRhosting “not noticed anything suspicious” on its network and denied any wrongdoing.
According to Dutch publication Volkskrant, WorkTitans and MIRhosting were among the main networks used in the cyber attacks on Danish government institutions last November.
Responsibility for those attacks was claimed by the pro-Russian group NoName057(16), which Europol has previously accused of numerous DDoS attacks against European government websites and banking services.
In such attacks, websites are overloaded with huge volumes of traffic and become inaccessible to users.
In 2023, the group NoName057(16) also claimed the attack on the website of the National Assembly of France, which remained down for almost 24 hours.
The United States Department of Justice previously said the group was created as a clandestine project with the involvement of members of a pro-Kremlin organization called the Center for the Study and Monitoring of Youth Networks.
According to US authorities, the group maintained rankings of participants in the attacks and rewarded the most active members with cryptocurrency payments.
Recently, the Dutch intelligence services AIVD and MIVD warned of a large-scale Russian cyber campaign aimed at compromising the accounts of government officials, the military and journalists via the Signal and WhatsApp apps.
The attackers allegedly posed as representatives of official technical support services and used social engineering techniques to obtain verification codes and security PINs from users.
