Amsterdam police eliminated ZSSERRES/XHOST hosting provider, which was used to accommodate the infrastructure of cybercriminals. The operation carried out on February 12, ended with the seizure of 127 servers that became the basis for the activity hackers, spreading malicious software that control the botnets and organize cyber attacks.
The investigation lasted more than a year and revealed that ZSERRES/XHOST offered the services of a “bulletproof” hosting – infrastructure that protects customers from law enforcement agencies. According to the police, the platform advertised the possibility of anonymous placement of prohibited content and cryptocurrency payments that exclude the possibility of tracking transactions.
Conti and Lockbit groups were found on the servers. According to the investigation, ZSERRES/XHOST not only provided the groups with technical resources, but also provided protection against blocking.
Unlike previous investigations, when only legal measures were taken against such services, this time law enforcement officers decided to act physically. The servers were disconnected, and the data was taken for analysis. As a result of the police work, all resources hosted on the platform became inaccessible.
At the same time, there have not been held arrests yet, but the investigation is ongoing. Investigators study the confidential files found on the servers in order to establish personal owners and users of illegal hosting. It is expected that the evidence collected will help the organizers of the criminal scheme.
Physical shutdown of servers is a rare case in the fight against cybercrime. Most often, such platforms are only blocked at the level of domain names, which does not prevent them from quickly changing the infrastructure and continue to work. However, this case shows that law enforcement agencies are ready to use more stringent measures.
The problem of “bulletproof” hosting remains relevant. Such sites are a key link in the activities of cybercriminals, providing them with complete anonymity. Without such hosting attacks with the use of viruses, botnets and extortion, it would be much more complicated. The authorities of the Netherlands are already calling for tightening legislation, proposing to introduce mandatory identification of customers of hosting providers.
Despite the success of the operation, the fight against cybercrime is far from the end. Such sites continue to work around the world, and criminals are constantly looking for new ways of bypassing locks. However, the arrest of ZSERRES/XHOST has become an important signal for the entire industry of illegal hosting – there is no longer a guarantee of complete impunity.