Information about a cyber-attack facilitator in the Netherlands

A small web hosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. Starting from May 2015 till today we counted over 100 serious cyber attacks that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally the Virtual Private Server (VPS) hosting company is registered in Dubai, United Arab Emirates (UAE). But from public postings on the Internet, it is apparent that the owner doesn’t really care about laws in UAE. In fact, Pawn Storm and another threat actor attacked the UAE government using servers of the VPS provider through highly targeted credential
phishing. Other threat actors like DustySky (also known as the Gaza hackers) are also regularly using the VPS provider to host their command-and-control (C&C) servers and to send spear phishing e-mails.