Authorities Seized Thousands of Servers from Rogue Hosting Company Used to Fuel Cyberattacks

In a major law enforcement operation conducted on November 12, 2025, the East Netherlands cybercrime team successfully dismantled a significant criminal infrastructure.

Authorities seized approximately 250 physical servers located in data centers across The Hague and Zoetermeer, which collectively powered thousands of virtual servers used for illegal activities.

This operation represents one of the largest infrastructure takedowns targeting bulletproof hosting services that have been instrumental in facilitating cybercrimes across multiple jurisdictions.

The seized hosting company operated under the guise of legitimacy while providing complete anonymity to its users.

Police analysts identified that the provider marketed itself as bulletproof hosting, explicitly claiming not to cooperate with law enforcement agencies and guaranteeing protection for its criminal clientele.

Despite these promises, the company’s infrastructure ultimately became the centerpiece of a comprehensive investigation that has exposed its true nature as a criminal enterprise serving exclusively illegal purposes.

Police.nl security analysts noted that the hosting company had appeared in more than 80 criminal investigations both domestically and internationally since 2022.

The company continued facilitating illegal operations until the moment of seizure, demonstrating its persistent role in supporting various cybercriminal activities across different threat landscapes and attack vectors.

The Criminal Infrastructure’s Role in Cyberattacks

The rogue hosting provider functioned as a critical enabler for multiple types of cybercriminal activities.

Criminals rented digital space from this company to launch ransomware attacks, deploy botnets designed to compromise thousands of systems, execute sophisticated phishing campaigns targeting organizations and individuals, and distribute child exploitation material.

This hosting service essentially provided the digital foundation that allowed threat actors to conduct their operations with perceived impunity.

The operational scope of this infrastructure was substantial, with the platform housing criminal websites, malware command-and-control servers, phishing infrastructure, and various other illegal services.

The seizure of both physical and virtual servers immediately disrupted these criminal operations and prevented new attacks from being launched through this particular infrastructure.

Following the seizure, authorities prioritized analyzing the vast amount of data recovered from the servers to identify additional criminal networks, individual threat actors, and victims requiring notification.

The investigation continues with law enforcement agencies focusing on identifying all users of the hosting service and tracing the full extent of criminal activities conducted through this infrastructure.

This operation demonstrates the critical importance of targeting the underlying infrastructure that enables cybercriminal operations at scale.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.