The Dutch Police has successfully dismantled ZServers/XHost, a notorious bulletproof hosting operation, by seizing 127 servers in Amsterdam. This action follows recent sanctions imposed by the United States, Australia, and the United Kingdom against the hosting provider for its role in cybercrime activities.

ZServers, operated by Russian nationals Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, was implicated in supporting LockBit ransomware attacks, botnet operations, and malware distribution. The service openly advertised its permissive policies toward criminal activities, effectively functioning as a safe haven for cybercriminals.

The seized infrastructure, located in Amsterdam’s Paul van Vlissingenstraat data centre, hosted various criminal tools, including those used by LockBit and Conti ransomware operations. Cybercriminals could anonymously purchase hosting services using cryptocurrency.

The Amsterdam Cybercrime Team is currently investigating the confiscated servers, which may reveal additional evidence linking to other criminal operations. While no arrests have been made, Mishin and Bolshakov face asset freezes and travel bans under international sanctions.

The Dutch Police emphasized that bulletproof hosting services are crucial to global cybercrime operations, providing necessary infrastructure for hosting malicious tools, stolen data, and fraudulent websites. The shutdown represents a significant blow to cybercriminal operations relying on these services.