Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia's intelligence agencies.
The arrests reflect an ongoing and escalating global effort to counter state-sponsored cyber warfare and disinformation, particularly in the context of Russia's war in Ukraine, leveraging prior intelligence from outlets like KrebsOnSecurity.
A strategic reader should care as this demonstrates tangible action against the digital infrastructure enabling cyberattacks and influence operations, tightening the net on hostile state actors and their proxies.
The operational cost and risk for hostile state actors seeking to utilize European IT infrastructure for cyber warfare will significantly increase, potentially forcing them to adapt tactics or relocate infrastructure.
- · European Union cyber defense
- · Cybersecurity intelligence agencies
- · Rule of law enforcement
- · Russian state-sponsored cyber operations
- · Hosting companies aiding hostile states
- · Cybercriminals
The immediate effect is the disruption of a significant IT infrastructure used for state-level cyberattacks and the apprehension of its operators.
This action will likely lead to increased scrutiny and pressure on other hosting providers suspected of harboring malicious infrastructure, potentially driving such activities further underground or to less regulated jurisdictions.
Long-term, it could contribute to NATO and EU member states establishing more robust, cooperative legal frameworks and cross-border enforcement mechanisms against digital threats, creating a more secure collective cyber domain.
This signal links to a primary source. Continuum Brief monitors and indexes it as part of the live intelligence stream — we do not republish source content.
Read at Krebs on Security