Visualização de leitura

↗️

Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

✇Security Affairs
Por:Pierluigi Paganini

Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts.

Operation PowerOFF is an international law enforcement action that dismantled 53 domains linked to DDoS-for-hire services used by over 75,000 cybercriminals. Authorities arrested four suspects, seized infrastructure, and gained access to databases containing more than 3 million user accounts. They are now warning identified users, while continuing investigations with multiple search warrants.

DDoS-for-hire services, or “booters,” are illegal platforms that let users pay to launch DDoS attacks that flood websites or servers with traffic, causing outages. They are used for harassment, extortion, or disruption and can lead to serious legal consequences for users.

“On 13 April 2026, 21 countries joined forces in a coordinated action week that focused on enforcement and prevention measures against over 75 000 criminal users engaging in distributed denial-of-service (DDoS)-for-hire services.” reads the press release published by EUROPOL. “With over 75 000 warning emails and letters being sent to identified criminal users and 4 arrests, the action week also led to the takedown of 53 domains and the issuing of 25 search warrants.”

21 countries participated in the law enforcement operation PowerOFF: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the U.K., and the U.S.

Authorities disrupted booter services by seizing servers and infrastructure used to launch attacks, limiting further harm. Access to seized databases with over 3 million user accounts enabled coordinated global actions against cybercriminals and raised awareness about the illegality of these services.

Operation PowerOFF continues with a strong prevention phase to stop future DDoS attacks. Authorities launched campaigns targeting users, including ads warning young people searching for attack tools, removal of over 100 malicious URLs, and warning messages sent via blockchains used for payments. They also updated the official website to highlight ongoing actions and raise awareness about the risks and illegality of DDoS-for-hire services.

Authorities continue dismantling global DDoS-for-hire networks under Operation PowerOFF. In August 2025, the U.S. also took down the RapperBot botnet, used for large-scale attacks across more than 80 countries since 2021.

In December 2024, law enforcement agencies operating under Operation PowerOFF disrupted 27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks. The authorities also arrested three administrators of these platforms in France and Germany, and identified over 300 users.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Operation PowerOFF)

↗️

75,000 DDoS-for-Hire Users Reprimanded as Authorities Seize Dozens of Domains

✇Firewall Daily – The Cyber Express
Por:Mihir Bagwe

DDoS-for-Hire, Operation PowerOFF, Europol, U.S. Department of Justice

Law enforcement agencies across Europe, the United States, and other partner nations cracked down on the commercial DDoS-for-hire ecosystem, targeting both operators and customers of services used to knock websites offline.

The coordinated effort led to the seizure of 53 domains, four arrests, 25 search warrants, and warning notices sent to more than 75,000 people suspected of using so-called “booter” or “stresser” platforms.

A Crackdown on DDoS-for-Hire

DDoS-for-hire platforms allow customers to pay relatively small fees to launch distributed denial-of-service attacks against websites, gaming services, businesses, and public infrastructure. In fact, AI-driven threat intelligence company Cyble, in a new research report released today said, DDoS was the primary mode of attack during the ongoing Iran-Israel and U.S. conflict. Cyble recorded a 140% increase in DDoS attacks targeting Israeli entities after September 2025, and at the height of the conflict, saw 40 DDoS attacks per day.

These DDoS-for-hire services often market themselves as legitimate stress-testing tools, but authorities say they are widely abused for harassment, extortion, and disruption.

The latest enforcement wave is part of the long-running international initiative known as "Operation PowerOFF," which has previously dismantled multiple booter services and disrupted related infrastructure.

Read: DDoS-for-Hire Empire Dismantled as Poland Arrests Four, U.S. Seizes Nine Domains

U.S. Authorities Seize Key Infrastructure

The U.S. Department of Justice said investigators in Alaska seized infrastructure linked to eight DDoS-for-hire domains, including services branded as Vac Stresser and Mythical Stress, both of which allegedly advertised the ability to launch tens of thousands of attacks per day. Investigators also searched backend servers tied to the platforms.

Officials did not immediately identify those behind the services, but said the action was intended to disrupt the technical backbone used to power attacks globally.

75,000 Users Contacted Directly

In one of the more unusual aspects of the operation, authorities contacted more than 75,000 suspected users directly through warning emails and letters.

Law enforcement agencies appear to be using deterrence alongside takedowns—sending a message that paying for DDoS attacks leaves a trail and may bring legal consequences.

Security experts say the tactic could be particularly effective against younger or low-level offenders who use these platforms for gaming disputes, personal retaliation, or vandalism without fully understanding the legal risks.

Investigators said they identified around three million criminal accounts connected to the wider DDoS-for-hire ecosystem. The sheer number of accounts shows how industrialized cybercrime services have become. Instead of building botnets or malware, users can simply rent attack capability on demand.

DDoS attacks overwhelm a target with traffic, often causing websites, applications, or networks to crash. While sometimes dismissed as nuisance attacks, they can disrupt hospitals, financial institutions, government portals, and emergency services.

Recent years have also seen DDoS attacks used as smokescreens to distract security teams while other intrusions unfold.

Read: Europol Issues Public Alert: ‘We Will Never Call You’ as Phone and App Scams Surge

A Persistent Cat-and-Mouse Game

Despite repeated takedowns, booter services often reappear quickly under new names, new domains, or relocated hosting providers. Researchers have found that while seizures can significantly reduce traffic in the short term, the market has proven resilient over time.

That means operations like PowerOFF may need to combine arrests, infrastructure seizures, financial disruption, and user deterrence to have lasting impact.

❌