Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

Summary

An international law enforcement operation called Operation PowerOFF has dismantled commercial DDoS-for-hire services across 21 countries, seizing 53 domains, arresting four individuals, and obtaining access to databases containing over 3 million criminal user accounts. The operation targeted booter services that enabled over 75,000 cybercriminals to launch distributed denial-of-service attacks with minimal technical knowledge. Authorities are sending warning notifications to identified criminal users and issuing search warrants as part of the ongoing effort to disrupt DDoS infrastructure worldwide.

Full text

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts Ravie LakshmananApr 17, 2026DDoS / Cybercrime An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to databases containing over 3 million criminal user accounts. Authorities are also sending warning emails and letters to the identified criminal users, and 25 search warrants have been issued. As many as 21 countries participated in the action: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the U.K., and the U.S. "Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks," Europol said in a statement. "Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims." The agency described DDoS-for-hire as one of the most prolific and easily accessible trends in cybercrime, as it allows even individuals with little to no technical knowledge to execute malicious attacks at scale and inflict significant damage to busin Europol also noted that DDoS activity can originate from well-resourced and skilled threat actors, who could rely on such services to customize or optimize their illicit activities. DDoS attacks often tend to target various web-based services, with the motivations behind them as varied as they are broad. This ranges from simple curiosity and financial gain through extortion to hacktivism driven by ideological reasons and disruption of competitors' services. Some operators of these services have been found to mask their true motives and escape law enforcement scrutiny by disguising them as stress-testing tools. The development marks the latest step taken by authorities to dismantle criminal DDoS-for-hire infrastructures worldwide as part of PowerOFF. In August 2025, the U.S. government announced the takedown of a DDoS botnet called RapperBot that was used to conduct large-scale disruptive attacks targeting victims in over 80 countries since at least 2021. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  botnet, Cybercrime, cybersecurity, ddos, digital forensics, Europol, law enforcement Trending News Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS Block the Prompt, Not the Work: The End of "Doctor No" BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority Popular Resources Learn How to Block Breached Passwords in Active Directory Before Attacks Get Full Visibility into Vendor and Internal Risk in One Platform [Guide] Get Practical Steps to Govern AI Agents with Runtime Controls Secure Your AI Systems Across the Full Lifecycle of Risks

Indicators of Compromise

• malware — RapperBot

Entities