The arrests took place in Amsterdam and The Hague. The suspects are a 57-year-old entrepreneur and a 39-year-old concert pianist who owned a hosting company in Almere. The FIOD suspects them of violating EU sanctions by providing digital services to networks used in Russian cyber operations.
During raids on data centers in Dronten and near Schiphol, hundreds of servers were shut down. Customers of the involved companies noticed almost immediately that their systems were no longer accessible. On social media, users posted messages about unexpected outages.
NoName057(16)
The investigation centers on the hacker group NoName057(16). This pro-Russian group carried out digital DDoS attacks in several EU countries on websites of governments, political parties, and public institutions.
Promotion
For example, Denmark experienced multiple disruptions last year. Websites of political parties and the parliament went offline around municipal elections. Danish digital systems for payments and judiciary were also affected.
According to researchers, the pro-Russian hackers used Dutch infrastructure to make their digital traffic less visible. By routing internet traffic through servers in the Netherlands, it appeared as if the attacks originated from European companies rather than from Russia.
EU Sanctions
The company Stark Industries and Moldovan brothers Ivan and Iurie Neculiti play an important role in the investigation. According to European authorities, this network facilitated Russian cyber operations against European countries. Therefore, the European Union announced sanctions against Stark Industries and the brothers a year ago. According to the EU, this measure aimed to better protect Europe against Russian hybrid threats and disinformation campaigns.
Following those EU sanctions, the activities reportedly shifted under other names to different companies, according to research by two Dutch and Danish journalists. Additionally, internet addresses and server activities were allegedly transferred to evade the EU sanctions.
The companies involved deny knowingly cooperating with Russian cyberattacks. One of the suspects previously stated that his company operated legally and that he had nothing to hide. It was also denied that it was known that servers were used for attacks or spreading pro-Russian disinformation.