Searches were conducted in two data centers in the Netherlands, during which 800 servers used for cyberattacks in Europe were seized. The operation is linked to Russian hackers who attacked government institutions and banks.
The Dutch Financial Information and Investigation Service conducted searches in data centers where servers of hosting companies WorkTitans and MIRhosting were seized. The investigation revealed that these servers were used by Russian hackers to organize cyberattacks on government institutions and the banking sector in Europe. Government organizations in Denmark and postal services in France were particularly affected during the Christmas holidays.
According to Bloomberg, the entities that rented the servers were associated with Yuri and Ivan Niculita of Moldova, who are under EU sanctions for supporting Russian hackers. The hacker group NoName057(16) claimed responsibility for DDoS attacks that overloaded and shut down government institution websites.
As part of the operation, law enforcement detained the owner of WorkTitans, Youssef Zinad, and the founder of MIRhosting, Andrey Nesterenko. Nesterenko, a Russian citizen residing in the Netherlands, denies violations and stated that he ceased cooperation with the Niculita brothers after sanctions were imposed.
Experts note that cyberattacks linked to Russian groups are becoming an increasingly serious threat to Europe. Russian hackers continue to use new technologies, such as the Darksword toolkit, to increase the efficiency of their attacks. Such actions require coordination of efforts at the international level to counteract cyber threats.
