Dutch financial crimes agency raids data centers, seizes 800 servers linked to Russian cyberattacks

The Netherlands’ Fiscal Intelligence and Investigation Service, known as the FIOD, seized more than 800 servers in coordinated raids on May 18, targeting a web hosting operation with suspected ties to Russian cyberattacks, disinformation campaigns, and sanctions evasion.

Two individuals were arrested. Youssef Zinad, a 57-year-old from Amsterdam linked to a company called WorkTitans B.V. (operating under the name THE.Hosting), and Andrey Nesterenko, a 39-year-old from The Hague associated with MIRhosting. The raids hit data centers in Dronten and Schiphol-Rijk, with additional searches carried out at business locations in Enschede and Almere.

A sanctions evasion playbook, dismantled

The investigation centers on a Dutch front company that allegedly picked up where a sanctioned entity left off. Stark Industries Solutions was hit with EU sanctions in May 2025 for facilitating what European authorities described as Russian hybrid warfare operations. Think DDoS attacks, malware distribution, and coordinated disinformation, the digital toolkit of geopolitical aggression.

WorkTitans B.V. allegedly absorbed Stark’s assets after those sanctions landed. The FIOD’s case suggests this wasn’t a subtle pivot. It was allegedly the same servers, the same operations, the same clients, just wearing a fresh corporate mask.