Sanctions Prove Ineffective Against Pro-Kremlin Host

In May 2025, the European Union imposed sanctions on Stark Industries Solutions Ltd., a bulletproof hosting provider notorious for supporting Kremlin-linked cyberattacks and disinformation campaigns since its emergence just before the 2022 invasion of Ukraine. However, new research indicates these sanctions have failed to disrupt the provider’s operations. Stark Industries effectively sidestepped the penalties by rebranding and transferring its infrastructure to a network of newly established corporate entities.

The EU sanctions targeted one of Stark’s key internet providers, Moldova-based PQ Hosting, and its owners, the Neculiti brothers. According to a report from Recorded Future, the brothers received advance warning of the sanctions, allowing them to orchestrate a rapid corporate shuffle.

A Web of Shell Companies and Familiar Faces

Anticipating the sanctions, Stark Industries began moving its assets. The operation rebranded as the[.]hosting, operating under a Dutch company named WorkTitans BV. Concurrently, a new Moldovan entity, PQ Hosting Plus S.R.L., was created, linked back to the original owners through a reused phone number. This maneuver allowed the core infrastructure to remain active under new legal umbrellas.

Investigations revealed that a second, unsanctioned pillar of Stark’s network, Netherlands-based MIRhosting, played a crucial role. Evidence shows MIRhosting employees are managing the new entities. WorkTitans BV was established by Youssef Zinad, who, despite not listing it on his professional profile, is identified in communications as part of MIRhosting’s legal team and is an official contact for the company. These connections demonstrate that the EU’s actions were largely symbolic, as the same network continues its operations with impunity under a different name.