Dutch police seize 127 servers belonging to Zservers hosting provider

📟 News

Date: 17/02/2025

Following the introduction of international sanctions against Zservers, Russian ‘bulletproof’ hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.

Last week, the United States, Australia, and the United Kingdom imposed sanctions against Zservers and a related British company, XHOST Internet Solutions LP. According to the U.S. Department of the Treasury, Zservers provided infrastructure for ransomware attacks organized by the LockBit cybercriminal group and assisted hackers in illicit money laundering.

According to the Dutch National Police, the hosting services provider was also involved with unnamed botnets and malware distribution. Politie claims that Zservers knowingly facilitated this malicious activity, and its ads implied that Zservers infrastructure could be used for criminal activity.

The servers were seized from a data center located at Paul van Vlissingenstraat street in Amsterdam. Politie emphasizes that cybercriminals could purchase company’s services anonymously by paying for them with cryptocurrency. Currently, all sites hosted on the seized servers are unavailable.

Seized equipment
Seized equipment

According to the law enforcement authorities, one of the seized servers contains hacking tools belonging to two well-known ransomware groups: LockBit and Conti.

All the 127 servers will examined by cyber forensics experts in Amsterdam. New evidence is expected to be retrieved, as well as information pertaining to other hackers’ operations.

Related posts:
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello

Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…

Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks

Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…

Full article →
2025.02.03 — PyPI introduces a project archival system to combat malicious updates

The Python Package Index (PyPI) introduces a new project archival system: a project can now be archived to notify users that it's not expected to be updated…

Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer

Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…

Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters

According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…

Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs

According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…

Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks

OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…

Full article →
2025.02.28 — Qualcomm extends support for Android devices to 8 years

Qualcomm Technologies announced its collaboration with Google with the purpose to provide extended support for OEM devices running on company's flagship chipsets. This partnership will…

Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims

According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…

Full article →
2025.04.16 — Android devices will restart every three days to protect user data

Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an…

Full article →