The European Union has formally sanctioned web-hosting provider Stark Industries, along with its CEO Iurie Neculiti and owner Ivan Neculiti, for facilitating destabilizing cyber activities aligned with Russian interests. The company was cited for enabling disinformation, interference operations, and cyberattacks against the EU and its partners.
“They have been acting as enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber-attacks against the Union and third countries,”
— Council of the European Union
This move is part of a broader action targeting 21 individuals and six entities connected to Russia’s foreign influence and hybrid threat campaigns.
Hosting Infrastructure Linked to FIN7 and Disinformation Campaigns
Stark Industries, incorporated in the United Kingdom, offers VPS and VDS server hosting in multiple locations, including the UK, Netherlands, Germany, France, Turkey, and the U.S. The service accepts cryptocurrency payments—including Bitcoin, Monero, Dash, and Ether—that can obscure payment origins.
Public reporting and past investigations have highlighted Stark Industries as a “bulletproof hosting provider.” Despite these allegations, the company also supported threat researchers in uncovering infrastructure used by FIN7, also known as Sangria Tempest or Carbon Spider.
A May 2024 report by German nonprofit CORRECTIV stated that Stark Industries was founded just two weeks before Russia invaded Ukraine. Their servers have since been linked to disinformation efforts and DDoS attacks that benefited Russian interests.
In July 2023, cybersecurity firm Silent Push published research identifying Stark Industries IP addresses used exclusively by FIN7 for malicious operations.
“Our threat analysts have discovered numerous Stark Industries IPs that are solely dedicated to hosting FIN7 infrastructure,”
— Silent Push
Shortly after, researchers from Team Cymru disclosed they had been collaborating with Stark Industries for months to address abuse on their platform. Following the Silent Push report, Team Cymru and Stark Industries coordinated efforts to dismantle FIN7’s infrastructure.
BleepingComputer contacted the European Council regarding whether the sanctions factored in this cooperation, but no further details were provided.
Sanctions Also Target Russian-Aligned Media and Espionage Entities
The updated EU sanctions list also includes media outlets and companies accused of spreading pro-Russian propaganda or supporting espionage operations:
- Voice of Europe and African Initiative media agencies for disseminating Russian narratives
- AFA Medya and its founder Hüseyin Doğru, a Turkish media entity accused of alignment with Russian disruption efforts
- Norebo JSC and Murman Sea Food, named for involvement in a Russian surveillance campaign and espionage against undersea infrastructure
- General Radio Frequency Center (GRFC) for conducting electronic warfare, including GPS jamming and spoofing in the Baltic region affecting civil aviation
“Those designated today will be subject to an asset freeze and EU citizens and companies will be forbidden from making funds available to them,”
— Council of the European Union
The sanctioned individuals are also barred from entering or transiting through EU territory.
