The Dutch Police (Politie) have dismantled the ZServers/XHost bulletproof hosting operation, taking down 127 servers that were allegedly used for illegal activities.
This action follows sanctions imposed earlier this week by authorities in the U.S., U.K., and Australia, targeting the same hosting provider for its role in cybercrime. ZServers has been accused of facilitating LockBit ransomware attacks and helping cybercriminals launder illicit funds.
The operation, run by Russian nationals Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, reportedly supported botnet activities and malware distribution. According to Dutch authorities, ZServers openly advertised its lenient policies, making it clear to customers that its infrastructure welcomed illegal operations. “A bulletproof hoster is not just any shadowy company that ignores rules – it is the backbone of global cybercrime,” Politie stated.
One of the seized servers was found hosting hacking tools for LockBit and Conti ransomware, two of the most notorious ransomware-as-a-service (RaaS) groups. The servers were located in a colocation data center on Paul van Vlissingenstraat in Amsterdam, where criminals could purchase hosting services anonymously using cryptocurrency. All affected websites have now been taken offline.
Cybercrime specialists in Amsterdam are currently analyzing the 127 confiscated servers, which may uncover more evidence linking ZServers to other cybercriminal networks. However, no arrests have been made so far. Mishin and Bolshakov have been sanctioned with asset freezes and travel bans, but no criminal charges have been filed against them yet.
