Dutch Police Seize 127 Servers in Cybercrime Crackdown
The Hague, Tuesday, 18 February 2025.
Dutch police dismantle Zservers, affecting Conti and LockBit operations, marking a critical development in international cybercrime enforcement.
Major Operation at Amsterdam Data Center
On February 13, 2025, Dutch police executed a significant raid at the Paul van Vlissingenstraat data center in Amsterdam, seizing 127 servers operated by Zservers/XHost [1][2]. This operation followed coordinated sanctions announced by the United States, United Kingdom, and Australia against the bulletproof hosting service just two days earlier [1]. The service had gained notoriety for its connections to major cybercrime groups, including the LockBit ransomware operation and the Conti cybercrime gang [2].
Sophisticated Criminal Infrastructure
Zservers, which had been operating since at least 2019 [1], provided a comprehensive suite of services designed to shield cybercriminals from law enforcement. The company openly advertised its capability to allow criminal activities from its servers, guaranteeing customer anonymity and accepting cryptocurrency payments to avoid detection [2]. The seized servers contained evidence of various malicious activities, including botnet operations and ransomware infrastructure [2]. Two Russian nationals, Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, were identified as administrators of the service [2].
Part of Broader Cybersecurity Evolution
This operation reflects the evolving landscape of cybersecurity in the Netherlands, where law enforcement faces increasingly complex digital challenges [4]. Professor Monica den Boer of Police Studies emphasizes that the police must balance their extensive powers with legitimate and just actions, particularly in the digital domain [4]. The Dutch police force, comprising approximately 65,000 staff members [4], has demonstrated its commitment to combating cybercrime through this operation, which represents a significant blow to cybercriminals using bulletproof hosting services [1].
Ongoing Investigation
While no arrests have been made as of February 18, 2025 [1], the Amsterdam Cybercrime Team, in collaboration with the Public Prosecution Service, is conducting a thorough investigation of the data found on the seized servers [2]. This crackdown comes at a crucial time, as recent analysis shows that cybercriminal services are becoming increasingly accessible, with phishing-as-a-service (PhaaS) kits gaining popularity among malicious actors [5].