Article Title: Authorities Dismantle Major Cybercrime Infrastructure, Seizing Thousands of Servers
In a significant law enforcement operation on November 12, 2025, the East Netherlands cybercrime team successfully dismantled a substantial criminal infrastructure. Authorities seized approximately 250 physical servers located in data centers across The Hague and Zoetermeer. These servers powered thousands of virtual servers that were instrumental in facilitating various cybercrimes.
This operation stands as one of the most extensive takedowns targeting bulletproof hosting services—providers that offer anonymity and protection to clients engaging in illegal activities. The hosting company in question presented itself as a legitimate service while explicitly marketing its services as bulletproof hosting. It assured clients of non-cooperation with law enforcement and guaranteed protection for criminal endeavors.
Despite these assurances, the company’s infrastructure became the focal point of an in-depth investigation, revealing its exclusive dedication to supporting illegal activities. Since 2022, the hosting provider had been implicated in over 80 criminal investigations both domestically and internationally. It continued to facilitate illegal operations up until the moment of seizure, underscoring its persistent role in enabling cybercriminal activities.
The Role of the Criminal Infrastructure in Cyberattacks
The rogue hosting provider served as a critical enabler for a wide array of cybercriminal activities. Criminals utilized the company’s digital space to launch ransomware attacks, deploy botnets compromising thousands of systems, execute sophisticated phishing campaigns targeting organizations and individuals, and distribute child exploitation material. This hosting service essentially provided the digital foundation that allowed threat actors to conduct their operations with perceived impunity.
The operational scope of this infrastructure was substantial, housing criminal websites, malware command-and-control servers, phishing infrastructure, and various other illegal services. The seizure of both physical and virtual servers immediately disrupted these criminal operations and prevented new attacks from being launched through this particular infrastructure.
Following the seizure, authorities prioritized analyzing the vast amount of data recovered from the servers to identify additional criminal networks, individual threat actors, and victims requiring notification. The investigation continues with law enforcement agencies focusing on identifying all users of the hosting service and tracing the full extent of criminal activities conducted through this infrastructure.
This operation demonstrates the critical importance of targeting the underlying infrastructure that enables cybercriminal operations at scale. By dismantling such platforms, authorities can significantly disrupt the cybercrime ecosystem and prevent future attacks.
