The Amsterdam Cybercrime Team has taken down a major bulletproof hosting provider, ZServers/XHost, seizing 127 servers in a raid on February 12.
This marks the first time Dutch authorities have physically shut down such an operation, following over a year of investigation into the company’s role in enabling cybercriminal activities.
ZServers/XHost, operating from Paul van Vlissingenstraat in Amsterdam, functioned as a bulletproof hosting provider—a service designed to shield cybercriminals from law enforcement by offering anonymity, ignoring takedown requests, and facilitating illicit activities. The investigation revealed that the provider actively advertised its services to criminals, allowing them to conduct operations without fear of detection. Payments for these services were processed anonymously, often via cryptocurrency.
Authorities discovered that ZServers/XHost hosted ransomware, botnets, and malware, with direct links to Conti and LockBit, two of the world’s most destructive ransomware gangs. While no arrests have been made yet, law enforcement is now analyzing the seized data to identify those responsible.
This takedown comes just one day after ZServers was sanctioned by the United States, United Kingdom, and Australia for its role in facilitating LockBit ransomware operations. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) designated the company and two Russian nationals—Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov—for providing infrastructure to cybercriminals.
ZServers, headquartered in Barnaul, Russia, leased IP addresses to LockBit affiliates, who used the infrastructure to execute ransomware attacks against critical infrastructure worldwide. Canadian authorities previously linked a LockBit attack to a ZServers IP address, and evidence showed the company continued leasing servers even after they were flagged for cybercriminal use.
These sanctions froze ZServers' assets and prohibited businesses from engaging with the company, adding economic pressure to the law enforcement actions in Amsterdam.
Bulletproof hosting providers are crucial enablers of cybercrime, offering cybercriminals a secure digital hideout for hosting stolen data, malware, phishing sites, and hacking tools. Because they are designed to resist law enforcement intervention, they make disrupting cybercrime operations significantly more difficult.
This coordinated international effort against ZServers, a big player in the field, marks a significant step toward disrupting cybercriminal infrastructure. However, as long as cybercrime remains profitable and cybercriminals continue seeking alternative providers, there will always be people willing to take the risk and offer such services for quick enrichment.