Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
Operation PowerOFF warns 75k DDoS users, arrests 4, takes down 53 domains across 21 countries.
Summary
Europol-coordinated Operation PowerOFF, spanning 21 countries including EU, US, UK, Australia, and Japan, identified and warned over 75,000 individuals using DDoS-for-hire platforms. The operation resulted in 4 arrests, 53 domain takedowns, 25 search warrants, and disrupted illegal booter services that rent DDoS swarms comprising compromised routers and IoT devices. The action marked a shift toward prevention, including search engine delisting, awareness campaigns targeting youth, and blockchain-based payment warnings.
Full text
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains By Bill Toulas April 16, 2026 06:26 PM 0 More than 75,000 individuals using distributed denial-of-service (DDoS) platforms for disruptive attacks have been warned through emails and letters during the latest phase of the Operation PowerOFF international law enforcement action. The ongoing operation is supported by Europol and involves authorities in 21 countries. Coordinated efforts led to the arrest of four people, taking offline 53 domains, and issuing 25 search warrants. “Leading up to the action week, a series of operational sprints took place, gathering experts from national authorities across the globe to carry out actions against high-value target users of DDoS-for-hire platforms and raise awareness about the illegality of these activities,” Europol says. “During these sprints, the participating countries disrupted illegal booter services, dismantling the technical infrastructure that supports illegal DDoS.” The operation has a global span, and includes multiple European Union countries as well as Australia, Thailand, the United States, the United Kingdom, Japan, and Brazil. Latest Operation PowerOFF reachSource: Europol “Booter services” are DDoS-for-hire platforms that allow users to pay for renting the firepower of DDoS swarms, typically consisting of compromised routers and IoTs, and directing it to their intended targets. Some operators of these services attempt to hide their real goal by claiming they are used for legitimate stress testing, but lack verification of target ownership and hence are still used for illegal attacks. The latest Operation PowerOFF action was built on previous phases that resulted in dismantling key infrastructure and seizing databases with more than 3 million criminal accounts. Europol states that the operation is now entering its prevention phase, which includes launching awareness campaigns and disruption measures. These involve placing search engine ads aimed at young people seeking DDoS tools, removing from search results more than 100 URLs that promote these illegal services, and adding on-chain warning messages tied to illicit payments. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: International joint action disrupts world’s largest DDoS botnetsInterpol operation Synergia takes down 1,300 servers used for cybercrimeInterpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41Europol-led crackdown on The Com hackers leads to 30 arrestsSpain arrests suspected hacktivists for DDoSing govt sites
Indicators of Compromise
- malware — DDoS-for-hire platforms / booter services