In a major international operation, law enforcement agencies have taken down 53 domains and arrested four individuals connected to commercial distributed denial-of-service (DDoS) services used by more than 75,000 cybercriminals.
The ongoing effort, codenamed Operation PowerOFF, involved coordinated action across 21 countries including Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the UK, and the US.
Authorities seized critical infrastructure, gained access to databases containing over 3 million criminal user accounts, issued 25 search warrants, and began sending warning notifications to identified users.
What Are DDoS-for-Hire Services?
DDoS-for-hire services, also referred to as "booters" or "stressers," let individuals with very little technical knowledge launch massive distributed denial-of-service attacks against any website, server, or entire network for a fee. Europol has described these services as being among the easiest and most commonly used types of cybercrime.
While some operators market their services as “stress testing” tools, they are frequently used for extortion, competitive sabotage, hacktivism, or simple disruption.
Key Achievements of Operation PowerOFF
1. 53 domains taken down, disrupting the technological infrastructure used by several booter services.
2. Four arrests of key individuals running the operations.
3. Access gained to over 3 million user accounts, giving law enforcement helpful intelligence to continue their investigations.
4. Warning letters or emails sent to identified criminal users as a deterrent.
5. 21 countries working together in a coordinated effort to combat the DDoS issue.
This operation is part of a larger effort involving several countries, which included the takedown in August 2025 of the RapperBot DDoS botnet, used since 2021 to perform DDoS attacks on unsuspecting victims across over 80 countries.
Why This Matters
DDoS attacks are a significant threat to businesses, governments, and infrastructure. Even short interruptions have been shown to cause large financial losses, damage a company's reputation, or disrupt essential services. By going after the "DDoS-as-a-Service" ecosystem, authorities are attacking the supply side of the criminal enterprise.
With more than 75,000 cybercriminals actively using them, these services are now widely used and have expanded and democratized DDoS attacks throughout the world.
What Organizations Should Do
1. Improve DDoS mitigation methods: cloud-based DDoS mitigation, traffic "scrubbing," and strong network design.
2. Watch for abnormal spikes in network traffic: identify them early to minimize losses.
3. Investigate third-party vendors and service usage: ensure that all external service providers offer DDoS protections.
4. Stay current with the threat landscape: follow updates from Europol, CISA, and your national cybersecurity agency regarding ongoing DDoS operations.
The intent behind Operation PowerOFF is to provide clear evidence that law enforcement agencies will work together to take down the underlying infrastructure that enables numerous cybercriminal activities, not just pursue individual perpetrators.
As new services are created, international cooperation and proactive measures will be needed to help protect the overall digital ecosystem.
FAQ Section
Q1: What are "booter" or "stresser" services?
These are illegal platforms offering DDoS-for-hire capabilities. Users pay them to initiate DDoS attacks. Although often marketed as "stress testing," these services in fact provide illegal capabilities to perform a denial-of-service attack against a victim.
Q2: Why is Operation PowerOFF important?
By disrupting the supply chain used to launch these types of attacks against lawful organizations, it not only removes capabilities used by cybercriminals but also sends a message of international cooperation among law enforcement agencies against cybercrime.
Q3: What should organizations be doing to protect themselves from DDoS attacks?
They should have DDoS mitigation capabilities in place, be proactive about monitoring for unusual traffic activity, and continuously maintain the effectiveness of their security capabilities.
Source: The Hacker News