Bulletproof hosting firm Linked to Sanctioned Stark Industries Rapidly Rebrands, Remains Operational
A Russian-owned bulletproof hosting provider sanctioned by the European Union for supporting cybercriminal activity has successfully evaded restrictions by rebranding and quickly re-establishing services, according to research published by KrebsOnSecurity. The firm, initially known as Stark Industries, continues to operate under new names, offering infrastructure to malicious actors despite EU efforts to disrupt its operations.
The EU sanctioned Stark Industries in May 2024 for providing essential services to ransomware groups and other cybercriminals. However, a new report details how the company, linked to Youssef Zinad, rapidly transitioned its infrastructure and services, demonstrating the challenges of effectively combating resilient, adaptable cybercriminal infrastructure. This poses an ongoing threat to organizations worldwide vulnerable to attacks launched from these platforms.
KrebsOnSecurity’s investigation reveals a network of shell companies and individuals connected to Stark Industries’ continued operation. The hosting firm appears to have rebranded and is now operating through entities including MIRhosting and worktitans. A Google search for Youssef Zinad identifies him as the founder of [.]hosting, hosted by PQ hosting Plus S.R.L., according to censys.io.
Further investigation links WorkTitans‘ sole shareholder to Fezzy BV,a company in Almere,Netherlands. The phone number listed for Fezzy BV – 31651079755 – was also used to register a Facebook profile for a Youssef Zinad from the same town, as identified by breach tracking service Constella Intelligence. Zinad’s LinkedIn profile prominently features posts promoting MIRhosting’s services.
Email exchanges preceding KrebsOnSecurity’s May 2024 report on Stark Industries show Zinad (youssef@mirhosting.com) included in communications as part of the company’s legal team. He is also listed as an official contact for MIRhosting’s Almere offices on the dutch website stagemarkt[.]nl. Requests for comment from Zinad went unanswered.
Recorded Future’s analysis of Stark’s rebranding concluded that the EU sanctions were “largely ineffective, as affiliated infrastructure remained operational and services were rapidly re-established under new branding, with no meaningful or lasting disruption.” The findings underscore the need for more thorough and adaptable strategies to counter the evolving tactics of bulletproof hosting providers and thier clientele.
