A Dutch server that was used in a cyberattack against Ukrainian banks and ministries has been taken offline at the request of the police. Two Dutch companies that co-hosted the server confirm this to BNR. One of these companies, SKB Enterprise, has also facilitated the masking of the extreme right to left.
The DDoS attack against Ukrainian authorities on Tuesday was carried out through a server of this company. According to Ukraine, it was the largest cyberattack ever against the country. Previously, this company co-hosted the minister on links that terrified people on the “left”, according to a study by the BNR.
Nu.nl wrote at the time that in 2020 and 2021, this far-right organization had “unmasked politicians, scientists and educators, among others, by publishing their addresses and contact details online”. People were also intimidated at the door. The Vizier op Links website was run from the servers of the Dutch company SKB Enterprise, whose offices are in Amsterdam. BNR visited the company for a wiretap, but was told on the site that it was a mailbox.
According to cybersecurity expert Ricky Jeffers, the Amsterdam tech company has a dubious past: “SKB Enterprise has been involved in controversial and malicious websites in the past. For example, I hosted a website for a far-right organization. Phishing sites were also run from SKB Enterprise servers. Nu.nl wrote that after the company was confronted with the fact that the Vizier op Links website was connected via SKB Enterprise servers, the company deactivated the servers.
Read also | The cyberattack on Ukraine took place through the Amsterdam server
The BNR previously discovered that part of the DDoS attack that hit Ukraine on Tuesday passed through the Netherlands.
The attack looked a lot like a so-called DNS amplification DDoS attack, as cybersecurity expert Gevers puts it: “Attackers abuse servers located in the Netherlands. So, from the victim’s point of view, a large part of the internet traffic comes from the Netherlands.
At the request of the police, SKB Enterprise and Spectra BV, the company that provided the network to SKB, took the server they were using offline. I received an email from the police on Wednesday afternoon asking me to shut down the server. I did it right away,” the owner of SKB Enterprise told BNR. He didn’t want to share with who had rented the server in question. He noted that the police have not yet requested data from the server with which the cyberattack on Ukraine was carried out. Police have not yet been able to confirm the story. “Right now, it makes perfect sense to think the attack is coming from Russia,” Jeffers says, although that could change as well: “But with additional information, that picture could change.”
Jeffers says it’s not unusual that this Dutch firm carried out a cyberattack on Ukraine and previously provided shelter for the far-right online group. With these types of hosting companies, you have a fairly minimal amount of server rental. Then you can, for example, rent relatively anonymously and inexpensively. This makes this kind of practice possible,” the cybersecurity expert said.