Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand

Summary

Noah Christopher, a 27-year-old German national, was arrested in Bangkok, Thailand after a years-long investigation by German and EU law enforcement. Between 2021 and 2025, Christopher allegedly operated Fluxstress and Neldowner, two Cybercrime-as-a-Service platforms that enabled global customers to launch DDoS attacks for cryptocurrency payments. He faces 74 warrants in Germany for ransomware and hacker-for-hire platform crimes, though Fluxstress reportedly remains operational.

Full text

Cyber Crime SecurityAlleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries. byDeeba AhmedApril 13, 20262 minute read Noah Christopher, a German national, was at his luxury flat in Thong Lor Soi 25 when he was arrested by Thai police last Friday. Christopher, 27, was arrested from the Watthana district of Bangkok following a years-long investigation by the German and EU law enforcement authorities. In the world of cybercrime, Christopher was a known figure. Between 2021 and 2025, he allegedly ran a Cybercrime-as-a-Service (CaaS) business to earn money. He, reportedly, created and operated two notorious CaaS platforms called Fluxstress and Neldowner that provided tools for hire. These platforms allowed customers anywhere in the world to launch Distributed Denial of Service (DDoS) attacks in which hackers bombard a website with so much fake traffic that it collapses and stops working for real users. Further investigation revealed that customers paid for these services in Bitcoin and other digital currencies because these transactions are hard to trace. Since the damage was spread across several countries, investigators noted that this was a serious case of transnational crime. A Long Flight from Europe Although a lot was known about Christopher, he was a difficult man to catch, as before moving to Thailand, he went into hiding in Dubai and China. Eventually, the German Federal Security Service managed to locate him and contacted Thai police for help. Thai authorities cancelled his visa on April 9 under Section 12(7) of the Immigration Act, and he was arrested the very next day. Noah Christopher being interrogated by Thai police Image via: Bangkok Post Despite his arrest, the threat he created may still be active. According to an X post from Jacob Sims (@jacobincambodia), a regional cybercrime expert, at least one of his platforms, Fluxstress, still seems to be online and working. Thai immigration officers are now inspecting his computers to see if he launched any attacks against local Thai businesses while living in the city. Christopher is now waiting to be extradited to Germany, where he will face 74 different warrants for crimes involving ransomware and platforms that let people hire hackers for dozens of private attacks. Pol Lt Gen Phanumas Boonyalak, the Immigration Bureau’s commissioner, noted that Thai police will now closely inspect foreigners who might be hiding in the country, and authorities are now working to find individuals sought by Interpol or other security agencies who could be a risk to the public. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts BangkokCaaSCyber CrimeCybersecurityDDOSFluxstressGermanyMalwareNoah ChristopherRansomwareThailand Leave a Reply Cancel reply View Comments (0) Related Posts Cyber Crime Phishing Scam iCloud phishing scam – Man stole private photos of 620,000 women LA County resident booked in iCloud phishing scam pretended to be an Apple agent and stole 620,000 photos, 9,000 videos of 306 young women. byWaqas Cyber Attacks Cyber Crime Cyber Events Anonymous hackers take down Mossad website against Gaza attacks The hacktivist group Anonymous has claimed responsibility of taking down the official website of Israeli intelligence agency Mossad… byWaqas Security Leaks Privacy Telegram leaked IP addresses of its desktop app users The vulnerability affected Telegram’s desktop app for Windows, Mac, and Linux OS. Telegram, a popular privacy-focused instant messaging… byWaqas News Malware Security Technology Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe The novel Nerbian RAT (remote access trojan) is currently targeting’ entities in Spain, Italy, and the United Kingdom. byDeeba Ahmed

Indicators of Compromise

• malware — Fluxstress
• malware — Neldowner

Entities