Dutch Law Enforcement Seizes 800 Servers and Arrests Operators of Russian Bullet‑Proof Host THE.Hosting
What Happened – Dutch authorities confiscated roughly 800 servers operated by the Russian bullet‑proof hosting provider THE.Hosting and detained two of its operators. The takedown left the provider’s core IP address blocks untouched, allowing the service to remain reachable.
Why It Matters for TPRM –
- Bullet‑proof hosts are frequently leveraged by cyber‑criminals to stage attacks, host C2 infrastructure, and exfiltrate data.
- A partial takedown can shift malicious traffic to other, less‑visible providers, increasing supply‑chain risk for downstream vendors.
- Organizations that rely on third‑party cloud or hosting services must reassess the resilience and reputational exposure of any providers that may be using or linked to such services.
Who Is Affected – Technology‑SaaS, Cloud‑Infra, Managed Service Providers, and any enterprise that outsources web‑hosting or data‑processing to third‑party providers.
Recommended Actions –
- Review contracts and security questionnaires for any hosting or CDN services to confirm they do not rely on bullet‑proof providers.
- Conduct a rapid inventory of assets that may be communicating with IP ranges associated with THE.Hosting.
- Update third‑party risk assessments to include “bullet‑proof hosting” as a high‑risk indicator.
Technical Notes – The operation targeted physical servers and the individuals managing the service; no specific software vulnerability or CVE was disclosed. The core IP address space of THE.Hosting remains active, meaning the service can continue to be used for malicious purposes via other infrastructure. Source: Dark Reading