It’s a story that sounds like it’s ripped from the pages of a spy novel, but for two Dutch IT entrepreneurs, it’s a harsh reality. The Dutch authorities, through their Fiscal Information and Investigation Service (FIOD), recently dropped a bombshell, announcing the arrest of a 57-year-old from Amsterdam and a 39-year-old from The Hague. Their alleged crime? Violating European sanctions and, more chillingly, providing the digital backbone for pro-Russian cyberattacks and disinformation campaigns. Imagine running a seemingly legitimate tech business, only to be accused of enabling the very forces that seek to destabilize democracies. These are real people, with lives and families, now under the shadow of serious accusations that paint a picture of complicity in a global struggle. The FIOD’s investigation, which involved raids on business premises and data centers, seizing everything from laptops to over 800 servers, highlights the serious nature of these allegations and the intricate web of digital infrastructure involved.
The plot thickens when you consider the timing. The company at the heart of this investigation was founded on February 10, 2022, a mere two weeks before Russia unleashed its full-scale invasion of Ukraine. While the FIOD kept the company’s name under wraps, they did disclose that it was sanctioned by the European Union on May 20, 2025 – a detail that immediately raises eyebrows. This isn’t just about a business; it’s about a company that emerged at a critical geopolitical juncture and then faced international condemnation. The authorities allege a sophisticated attempt to skirt these sanctions: after the restrictions were slapped on, a significant chunk of the company’s technical infrastructure was supposedly shifted to a newly established Dutch firm, specifically designed to bypass the rules. It paints a picture of deliberate maneuvering, a strategic chess game played in the digital realm to evade accountability.
While Dutch authorities maintained a veil of anonymity, a collaborative effort by the German nonprofit journalism group Correctiv and Dutch newspaper de Volkskrant pulled back the curtain, revealing the identities behind the arrests. The 57-year-old suspect is reportedly Andrey N., a concert pianist who also operates the hosting provider MIRhosting. His alleged accomplice, the 39-year-old, is Youssef Z., a business consultant and owner of WorkTitans. So, we have a concert pianist and a business consultant, both seemingly respectable professionals, now linked to accusations of supporting hostile state-sponsored activities. It’s a stark reminder that cyber warfare isn’t confined to shadowy figures in dark rooms; it can involve individuals with diverse backgrounds, some outwardly appearing far removed from such activities. Andrey N., as the alleged director and sole shareholder of the company under scrutiny, and Youssef Z., whose company reportedly provided the crucial internet connectivity, are now at the center of a complex legal and ethical storm.
The investigation by Correctiv further illuminates the intricate network at play. They report that MIRhosting provided services to Ivan and Juri Neculiti, Moldovan brothers who ran the hosting firm Stark Industries. And it’s Stark Industries that Correctiv identifies as the focal point of the FIOD investigation. This name rings a bell because the EU, on that very significant date of May 20 last year, sanctioned Stark Industries and its owners. The reason? Its alleged role in enabling “various Russian state-sponsored and state-affiliated actors to conduct destabilising activities including coordinated information manipulation and interference and cyber-attacks.” Imagine the impact – a single hosting firm, accused of being a linchpin in a global campaign to sow discord and execute cyberattacks. Stark Industries reportedly offered internet infrastructure services, including numerous VPN and proxy connections, allowing users to operate anonymously online. This anonymity, while a legitimate feature for privacy, becomes a dangerous tool when exploited for nefarious purposes, as it allegedly was to host websites tied to Reliable Recent News, a network associated with the Russian-linked Doppelgänger disinformation campaign.
Beyond disinformation, the infrastructure was allegedly a staging ground for more direct assaults. Distributed denial-of-service (DDoS) attacks, attributed to the pro-Russian hacker group NoName057(16), are also linked to this infrastructure. These attacks, which overwhelm target systems with a flood of traffic, were reportedly aimed at European government agencies and political institutions. It’s a chilling thought: the digital scaffolding provided by these entrepreneurs potentially facilitated direct attacks on the very fabric of European democracy. Correctiv’s findings suggest that Andrey N. continued his services to the Neculiti network even after EU sanctions took effect, and Youssef Z. allegedly played a pivotal role in helping the sanctioned entities bypass these restrictions through a front company. This suggests a concerted effort to circumvent legal and ethical boundaries, with real-world consequences for international security.
In their defense, MIRhosting issued a statement last week, vehemently denying the allegations and assuring the public of their full cooperation with authorities and an ongoing internal investigation. They clarified that they had temporarily suspended services to WorkTitans, emphasizing that their relationship was limited to providing physical server space, power, and network connectivity through a third-party data center, with no access to the customer’s data or applications. Andrey N., in earlier comments to de Volkskrant, also denied any knowing facilitation of pro-Russian cyber operations and stated that he ceased cooperation with the Neculiti brothers after sanctions were imposed. These statements present a counter-narrative, suggesting that if any wrongdoing occurred, it was without their full knowledge or intention, or that they took corrective action. The contrast between the official accusations and the denials creates a complex human drama, where reputations are on the line and the truth, in the highly technical and often opaque world of cyber infrastructure, remains to be fully unraveled by the ongoing legal process.