Dutch authorities arrested two admins of a bulletproof hosting service — infrastructure that ignores legal takedown requests — used by Russia-aligned threat actors.
The Netherlands arrested two nationals who ran Dutch-registered companies providing bulletproof hosting — infrastructure built to resist abuse reports, legal takedowns, and law enforcement cooperation requests. Their clients were Russia-aligned threat actors.
Bulletproof hosting is the layer that lets offensive campaigns stay online even under pressure from security teams and authorities. Without it, operators must rotate infrastructure constantly, increasing their detection surface.
Specific client group names and full criminal charges have not yet been published, but the pattern is well-documented: formally legitimate EU-registered companies acting as a shell for services that operate outside the law in practice.
This arrest hits the offensive infrastructure supply chain, not an individual operator. APT (state-sponsored hacker groups) historically linked to Russian operations rely on resilient hosting layers to keep their C2 (server that controls compromised machines), rotation proxies, and exfiltration nodes running.
When that layer collapses through law enforcement action, operators face two options: migrate fast (generating new detectable IOC (technical attacker fingerprints)) or pause operations. Either outcome is a win for defenders.
The Netherlands is a particularly significant venue — one of Europe's densest internet infrastructure hubs. This signals that European authorities are prioritizing infrastructure disruption over chasing end operators, a more effective short-term strategy.
The bigger picture: attacking support infrastructure is more disruptive than chasing operators. An APT group can recruit new members; finding another bulletproof hosting provider with equivalent resilience in a cooperative jurisdiction is significantly harder.
Help more people discover BBLabs News.
Want to get news like this every day?
Browse all articles
