What was seized and where
Last week, law enforcement officers carried out raids at two Dutch data centers. About 800 servers belonging to WorkTitans and MIRhosting were seized — the companies had leased equipment to entities linked to Russian hackers.
According to the investigation, the real beneficiaries were two Moldovan brothers — Iurie Neculiti and Ivan Neculiti — who were added to the EU sanctions list in 2025 for assisting Russian state hackers.
Who was arrested
As part of the operation, two individuals were detained:
- Youssef Zinad, owner of WorkTitans;
- Andrey Nesterenko, founder of MIRhosting, a 39-year-old Russian citizen living in the Netherlands. He is also known as a concert pianist and winner of music competitions.
On LinkedIn, Nesterenko admitted that he had previously worked with one of the Neculiti brothers, but claimed he had cut ties after sanctions were imposed. His company denies any wrongdoing, saying it had not noticed anything suspicious within its network. WorkTitans declined to comment.
Who is behind the attacks?
The seized servers are linked to the Russian hacker group NoName057(16), which Europol accuses of carrying out mass attacks on government websites and banking services. The group specializes in DDoS attacks — overwhelming websites with traffic until they become inaccessible.
Among the high-profile incidents were attacks on Danish government organizations in November last year and a Christmas attack on France”s postal service that caused major parcel delays.
How the group operates
According to the US Department of Justice, NoName057(16) is a covert project involving employees of the Kremlin-backed Center for the Study and Network Monitoring of the Youth Environment. The group maintained daily rankings of DDoS attacks and rewarded the most active volunteers with cryptocurrency.
Experts note that the group heavily depends on servers located in Western countries, making it vulnerable to police operations. Last year, European investigators had already seized about 100 NoName057(16) servers. However, the group continued operating.
The operation in the Netherlands is part of a broader trend: hacker activity carried out in the interests of aggressive states has increased significantly in recent times. DDoS attacks are targeting not only government websites — in May, Nova Poshta (Ukraine’s largest private postal and delivery company) also became a victim, with its services coming under a massive attack.
Russia is also changing tactics: as revealed in Sweden, Russian cyberattacks are now aimed not only at digital infrastructure, but also at the physical infrastructure of European countries. In Germany, hackers breached the Signal accounts of hundreds of top officials — including ministers and Bundestag leadership — through a sophisticated phishing attack.
Click Here For The Original Source.
