Officials seize 53 DDoS-for-hire domains in ongoing crackdown

Summary

In a coordinated law enforcement action across 21 countries, authorities dismantled 53 DDoS-for-hire domains and arrested four individuals involved in distributed denial-of-service operations. The operation, called Operation PowerOFF, seized infrastructure supporting booter services and obtained data on over 3 million criminal user accounts, ultimately sending warnings to 75,000 alleged participants to cease activities. The crackdown targeted easily accessible DDoS tools used for extortion, competition disruption, and hacktivism across multiple continents.

Full text

Authorities from 21 countries took down 53 domains and arrested four people allegedly involved in distributed denial-of-service operations used by more than 75,000 cybercriminals, Europol said Thursday. The globally coordinated effort dubbed “Operation PowerOFF” disrupted booter services and seized and dismantled infrastructure, including servers and databases, that supported the DDoS-for-hire services, officials said. Law enforcement agencies obtained data on more than 3 million alleged criminal user accounts from the seized databases, and ultimately sent more than 75,000 emails and letters to participants, warning them to halt their activities. Officials from the countries involved in the operation also served 25 search warrants, removed more than 100 URLs advertising DDoS-for-hire services in search engine results and created search engine ads to target young people searching for DDoS-for-hire tools. The operation, which is ongoing, primarily targets IP stressors or DDoS booters that cybercriminals use to inundate websites, servers and networks with junk traffic, rendering legitimate services inaccessible. Officials described DDoS-for-hire tools as prolific and easily accessible, often including tutorials that allow non-tech savvy people to initiate attacks on various organizations. “Attacks are often regionally focused, with users targeting servers and websites within their continent, and directed at a wide range of targets including online marketplaces, telecommunications providers and other web-based services,” Europol said in a news release. “Motivations vary from curiosity to ideological purposes linked to hacktivism, as well as financial gain through extortion or the disruption of competitors’ services.” Operation PowerOFF is supported by multiple law enforcement agencies from the United States, United Kingdom, Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Norway, Poland, Portugal, Sweden and Thailand. The international crackdown disrupted other popular DDoS-for-hire services in late 2024, netting three arrests and 27 domain takedowns. Authorities in Poland in May arrested four alleged administrators of DDoS-for-hire tools that cybercriminals used to launch thousands of attacks from 2022 to 2025. Share Facebook LinkedIn Twitter Copy Link

Indicators of Compromise

• malware — DDoS booters / IP stressors

Entities