Dutch Arrests Expose EU-Based Infrastructure Pipeline Fueling Russian State-Aligned Cyber Operations
Dutch authorities dismantled a sanctioned Russian-linked bulletproof hosting network by arresting two administrators who facilitated state-aligned cyber attacks, exposing adaptive evasion tactics and broader enforcement trends against hybrid infrastructure.
The May 18 arrests in the Netherlands of Youssef Z. and Andrey N. mark a rare successful strike against the corporate and physical layers sustaining Russian cyber operations. By using Dutch entities like WorkTitans and Mirhosting as fronts, Stark Industries evaded EU sanctions imposed after the 2022 invasion, rerouting servers to maintain DDoS and disinformation campaigns by groups such as NoName057(16). This restructuring, executed just weeks before sanctions, reveals how sanctioned Moldovan operators quickly adapted by laundering infrastructure through European proxies, an underreported pattern also seen in prior takedowns of RUAG and Trickbot affiliates. The operation seized over 800 servers across Dronten and Schiphol data centers, disrupting not only criminal abuse but also state-tolerated hybrid warfare tools. Unlike typical botnet disruptions, this case targets the sanctioned entity's post-invasion migration, highlighting gaps in real-time sanctions enforcement that allow rapid infrastructure pivots. Comparable actions, including the 2024 EU listings against Russian hosting providers and U.S. actions against Hydra Market enablers, suggest an emerging transatlantic focus on physical hosting as a chokepoint. However, the FIOD release underplays the direct ties to Kremlin-aligned interference documented in de Volkskrant's investigation and EU sanctions dossiers, missing the strategic signal that Western jurisdictions are increasingly willing to prosecute enablers of hybrid threats.
[SENTINEL]: This case accelerates targeting of EU-based physical hosting as a vulnerability for Russian hybrid ops, likely prompting further diversification into non-Western jurisdictions and increased corporate veil prosecutions.
Sources
- [1] Primary Source (https://www.securityweek.com/admins-of-bulletproof-hosting-service-used-by-russian-hackers-arrested-in-netherlands/)
- [2] Related Source (https://www.consilium.europa.eu/en/press/press-releases/2024/05/27/russia-s-war-of-aggression-against-ukraine-eu-imposes-sanctions-on-15-individuals-and-4-entities/)
- [3] Related Source (https://www.volkskrant.nl/nieuws-achtergrond/onderzoek-naar-russische-hackers-in-nederland~b5f8e3a2/)