Dutch authorities seize 800 servers enabling cyberattacks and disinformation
Financial crime investigators arrested two suspects and dismantled infrastructure used for offensive cyber operations and influence campaigns across multiple jurisdictions.
The Netherlands Financial Intelligence and Investigation Service (FIOD) seized 800 servers from a web hosting company that provided infrastructure for cyberattacks, interference operations, and disinformation campaigns. Two men were arrested in connection with the operation.
The hosting firm's services were used by threat actors to conduct offensive operations while obscuring their origin. The scale of the seizure—800 servers—suggests the company operated substantial infrastructure that enabled a range of malicious activities. Dutch authorities have not disclosed the company's name or the nationalities of the arrested individuals.
The action reflects growing enforcement against so-called "bulletproof hosting" providers, which rent infrastructure to cybercriminals with minimal oversight and ignore abuse complaints. These services have become critical enablers for ransomware groups, state-sponsored actors, and disinformation operators who require resilient infrastructure that resists takedown efforts.
- 01Hosting providers face increased scrutiny over customer vetting and abuse response protocols
- 02Cybercriminal groups lose infrastructure, forcing migration to alternative providers and potential operational disruption
- 03State-sponsored actors using commercial hosting for deniability may face reduced options
- 04European enforcement coordination on cyber-enabled crime appears to be intensifying
Ransomware attack executed entirely by AI agent, researchers report
JadePuffer operation marks what may be the first documented case of a fully autonomous LLM-driven ransomware deployment from reconnaissance to encryption.
Agentic AI Executes Multi-Stage Ransomware Attack via Langflow
Demonstration shows large language model agents autonomously combining exploitation techniques with real-time reasoning to conduct complex intrusions without human intervention.
FortiBleed Attackers Monetize Firewall Access Through Ransomware Partnerships
Actors who compromised thousands of Fortinet devices are now collaborating with Inc and Lynx ransomware groups, adding Nextcloud exploitation to their toolkit.