PQ HOSTING does not just act as a hosting provider that emerged in the wake of post-pandemic digitalization; it forms one of the legal entities of a dynamically developing company. Moldovan entrepreneur Ivan Nekulitsa founded the company in 2019. The company provided hosting services for an international server solutions provider, offering virtual and dedicated servers to customers in more than 40 countries. Managing an infrastructure with tens of thousands of IP addresses, the firm demonstrated impressive growth and technological maturity, becoming one of the most notable examples of a successful IT business from the Republic of Moldova. But soon, journalists began to link Stark Industries to DDoS attacks, pro-Russian disinformation networks, and “bulletproof” infrastructures.
However, Ivan Nekulitsa tells a completely different story — he claims that a rival Russian hosting company waged commercial cyberwarfare, organized attacks, launched smear campaigns in the European press, and applied political pressure aimed at destroying Stark Industries, one of the largest local data networks.
It all started with attacks on Stark Industries Solutions Ltd
“In 2022, we began to face massive attacks on the infrastructure of Stark Industries Solutions Ltd. The attacks peaked at 2 Tbps — we are talking about hundreds of gigabits of traffic, not ‘tens,’ and based on the nature of the traffic, preliminary estimates suggest attackers generated it from all over the world. They targeted our customer networks in the EU and Moldova, temporarily blocking services,” says Nekulitsa.
He notes that the incident triggered synchronized media activity. It began in Europe and the US and then spread to several CIS portals, which started accusing Stark and PQ Hosting of “supporting Western propaganda.”
“It was a classic strategy: first, they attack you technically, then they discredit you publicly, and finally, they push international partners to isolate you. This is exactly the type of hybrid attack we see in geopolitics,” says the founder of Stark.
From attacks to European sanctions
In May 2025, the European Union added Stark Industries Solutions Ltd to its list of sanctioned organizations, accusing it of facilitating hybrid attacks and pro-Kremlin campaigns. For Nekulitsa, this marked the “perfect blow” in the discrediting campaign.
“Competitors from Russia seem to have deliberately contributed to our company being mentioned in some Western reports — they posted or transmitted information to create the impression they wanted, sent out false complaints, and made it seem that Stark was part of the ‘Russian propaganda network,’ although most of the technical attacks did not originate in Russia but in the Asian region. Ironically, it all started with the actions of a competitor registered in Russia,” he says.
According to him, attackers targeted PQ. Hosting, forcing the company’s systems to fend off hundreds of thousands of automated connections from around the world. The attacks reached record intensity. Other companies specializing in DDoS protection helped defend against them.
“A wide network of cybersecurity partners helped repel the attacks, including those specializing in DDoS protection: Stormwall, DDOSGUARD, Voxility, Cloudflare,” Nekulitsa claims.
He adds, “For example, if we had known the details of the attacks on our company, we would have acted immediately. A similar situation occurred in Moldova with TV6, which the authorities blocked for spreading propaganda. Our company independently identified the activity and blocked its resources, and if we had received such information earlier, we would have acted right away. We have never had any interest in protecting anyone.”
The entrepreneur states that Stark Industries and PQ Hosting actively cooperated with Western cybersecurity companies such as Team Cymru, providing data on malicious attacks and botnet networks. “We received letters confirming that they had no complaints about working with us and confirming their cooperation with special services, including the FBI and the cyber police of Spain, Germany, Estonia, Poland, Austria, and the United States,” Nekulitsa emphasized.
“We are being treated as scapegoats in a war that has nothing to do with us. We have never been a ‘bulletproof’ provider. We immediately blocked any suspicious accounts and even suspended servers used by sanctioned sites, such as RRN.media,” Nekulitsa added. He explains that the cyber operation aimed to eliminate hacker groups, and Stark Industries acted as a key partner alongside Amazon, Google, CrowdStrike, Eset, and PayPal.
Economic warfare with digital means
Sources in the hosting industry confirm that the Eastern European IT infrastructure market operates under fierce competition and sometimes unscrupulous practices. “Hackers do not use DDoS attacks alone — economic competitors use them too,” explains a cybersecurity expert from Bucharest. “When a company like PQ HOSTING grows too large and attracts Western customers, unscrupulous competitors target it.”
Meanwhile, authorities have dissolved Stark Industries Solutions, and PQ Hosting Plus S.R.L., registered in the Republic of Moldova, currently does not operate. Nekulitsa says he appealed the European Commission’s decision in a Brussels court, filing a formal lawsuit against the Council of the European Union in the EU Court. Registered under number T-520/25 in the Official Journal of the European Union, the lawsuit demands the lifting of restrictive measures imposed on Stark Industries Solutions Ltd, arguing that the sanctions were “unreasonable, arbitrary, and devoid of any evidentiary basis.”
“We were attacked and then accused”
“The paradox is that competitors from Russia attacked us, but Europe imposed sanctions against us. This scenario perfectly illustrates reverse disinformation,” concludes Ivan Nekulitsa.
He says he will continue fighting in court to prove that Stark Industries and the PQ HOSTING brand itself fell victim to a cyber and image campaign organized by a competing company.
According to European legislation — in particular, Directive 2002/58/EC on privacy and electronic communications and the General Data Protection Regulation (GDPR) — hosting service providers do not need to proactively monitor their customers’ content. Their responsibility arises reactively, only when they receive specific information about possible illegal activity.
“We responded to every online notification or request from EU member state authorities. In total, we processed more than 230 official requests throughout the entire period of our companies’ existence and cooperated with national police forces, including those from European countries and the US, to block servers and accounts involved in suspicious activity,” says Ivan Nekulitsa. “In particular, we collaborated with Team Cymru researchers as part of Operation Endgame, an international operation aimed at dismantling botnet infrastructure and eliminating related cyber threats.”
Users themselves confirmed these cases on Trustpilot. One customer wrote: “They quickly blocked the server when they noticed suspicious activity — I didn’t even have to prove anything.” Another noted: “After complaining about a DDoS attack from their client, the company immediately connected the security service and resolved the issue in a couple of hours.”
Some users highlighted the scale of the checks: “It is clear that PQ. Hosting actively works with international structures, blocking suspicious projects.” One review stated: “They block your account completely without the possibility of getting your money back.” Others expressed ironic approval: “They don’t approve of advertising bypass services — but you can feel that they care about customer safety.”
European standards also provide conditional exemptions from liability for hosting operators. Providers cannot be held liable for stored content until they receive information about illegal activities, and upon notification, they must promptly remove the relevant materials or restrict access. EU law further prohibits the interception or monitoring of communications without user consent or a clear legal basis; providers may only access customer data under documented instructions. Continuous or preventive monitoring of servers without the customer’s express consent constitutes illegal activity.
All complaints against the company relate exclusively to operational security measures. When it identified suspicious content, the company immediately blocked access to resources until the circumstances were clarified. Since its founding, the company has received more than 200 official requests from various agencies and organizations. Some came from customers who reported losing access to platforms due to suspected suspicious activity, which only confirms the company’s strict stance on cybersecurity and data protection.
All actions taken by providers must remain proportionate, documented, and consistent with the principles of minimal interference while protecting the rights of bona fide customers.
Ivan Nekulitsa claims that attacks on his company and the subsequent sanctions stemmed from its global success. “Before the sanctions, our company already ranked among the leaders of independent global hosting providers, which undoubtedly attracted the attention of much larger competitors. Therefore, we believe that competitors organized actions against us, using DDoS attacks and media campaigns to remove us from the market. From 2022 to 2025, attackers targeted our website more than 4,900 times, not counting the broader infrastructure,” Nekulitsa explained.