53 DDoS Domains Taken Down by Law Enforcement

Summary

In a coordinated international operation called Operation PowerOff, law enforcement agencies from 21 countries dismantled 53 domains operating DDoS-for-hire (booter) services, arrested four individuals, and exposed over 3 million criminal user accounts. The agencies also sent 75,000 warning emails to identified users of these illegal services and executed 25 search warrants. The operation, which has been ongoing for nearly a decade, is now transitioning to a prevention phase involving search engine URL removal, targeted ads, and blockchain warnings.

Full text

Law enforcement agencies in 21 countries this week participated in a coordinated operation targeting distributed denial-of-service (DDoS) attack services and their users, Europol announced. DDoS-for-hire, or booter services, allow miscreants of all types, ranging from people with minimal technological background to proficient threat actors, to disrupt web and telecommunications services for financial gain, ideological purposes, or other motivations. Part of Operation PowerOff, the new law enforcement operation led to the takedown of 53 domains associated with DDoS-for-hire services and the arrest of four individuals. Additionally, 75 000 warning emails and letters were sent to the identified users of these services, and 25 search warrants were executed. The action, Europol explains, was the result of several operational sprints that gathered experts from national authorities to disrupt the illegal booter services and their infrastructure. “Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks. Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible,” Europol notes.Advertisement. Scroll to continue reading. The sprints resulted in the seizure of infrastructure to prevent further damage. They also led to the exposure of over 3 million criminal user accounts. According to Europol, authorities in Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Norway, Poland, Portugal, Sweden, Thailand, the UK, and the US participated in the operation. Following the takedown, Operation PowerOff will transition to a prevention phase, involving the removal of 100 URLs promoting booter services from search engines, the placement of ads targeting individuals searching for DDoS-for-hire services, and the placement of warnings on blockchains used by cybercriminals. Operation PowerOff has been ongoing for nearly a decade and has resulted in the disruption of dozens of DDoS-for-hire services, including prominent ones such as Webstresser, DigitalStress, Stresser.tech, and many others. Related: Evasive Masjesu DDoS Botnet Targets IoT Devices Related: Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation Related: US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking Related: Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Cisco Patches Critical Vulnerabilities in Webex, ISERansomware Hits Automotive Data Expert AutovistaCapsule Security Emerges From Stealth With $7 Million in Funding100 Chrome Extensions Steal User Data, Create BackdoorMirax RAT Targeting Android Users in EuropeTwo Vulnerabilities Patched in Ivanti Neurons for ITSM Fortinet Patches Critical FortiSandbox VulnerabilitiesSAP Patches Critical ABAP Vulnerability Latest News Cursor AI Vulnerability Exposed Developer DevicesGovernment Can’t Win the Cyber War Without the Private SectorOpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos RevealData Breach at Tennessee Hospital Affects 337,000Artemis Emerges From Stealth With $70 Million in FundingSplunk Enterprise Update Patches Code Execution VulnerabilityMicrosoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking ContestNIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveThreatModeler has appointed Kevin Gallagher as Chief Executive Officer.Thomas Bain has been appointed Chief Marketing Officer at Silent Push.The United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure.More People On The MoveExpert Insights Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• domain — Stresser.tech

Entities