The Dutch Financial Information and Investigation Service conducted raids at two of the country’s data centers and seized 800 servers belonging to the hosting companies WorkTitans and MIRhosting.
Bloomberg reports.
The seized web equipment was used by Russian hackers to carry out cyberattacks against government institutions and the banking sector in Europe.
More on the hacker group’s activity
According to Bloomberg, the WorkTitans and MIRhosting networks rented servers to entities linked to two brothers from Moldova — Yurii and Ivan Nekulita. Last year the EU imposed sanctions on them for assisting Russian state-linked hacker groups.
These networks were already used during pro‑Russian cyberattacks on Danish government organizations in November 2025.
The Russian group NoName057(16) claimed responsibility for those disruptions. According to Europol, the group repeatedly attacked government websites and banking services.
How the hackers operated
Hackers use DDoS attacks, overwhelming sites with traffic and disabling them. For example, during the last Christmas holidays the hackers disrupted the French postal service, causing parcel delivery delays.
The outlet writes that NoName057(16) was created as a covert project involving employees of a Kremlin‑backed organization.
As part of the investigation, law enforcement detained WorkTitans owner Yusef Zinad and MIRhosting founder Andrii Nesterenko. The latter is a Russian citizen living in the Netherlands.
Nesterenko wrote on LinkedIn that he previously worked with one of the Nekulita brothers but ended the relationship after the sanctions were imposed. He also denied any wrongdoing.
Recall that in March 2026 a group of hackers likely linked to the Russian government attacked hundreds of millions of iPhone users using a new Darksword toolkit.
New cyberattacks were carried out by the group UNC6353. The attackers used compromised websites to distribute the Darksword hacking toolkit.
Experts say Darksword was designed to steal personal information, including passwords, photos, browser histories, and messages from WhatsApp, Telegram, and SMS.
Click Here For The Original Source.
