Global Operation Seizes 53 DDoS-for-Hire Domains, Arrests Four Suspects

Law enforcement agencies from 21 countries executed a coordinated takedown of 53 domains linked to distributed denial-of-service (DDoS) operations, resulting in the arrest of four individuals, Europol announced on Thursday.

The global crackdown, codenamed Operation PowerOFF, disrupted booter services and dismantled the infrastructure—including servers and databases—supporting these illegal DDoS-for-hire activities.

Key Outcomes of the Operation

• Seizure of 53 domains and arrest of four suspects involved in DDoS-for-hire services.
• Data extracted from seized databases revealed over 3 million alleged criminal user accounts.
• More than 75,000 warning emails and letters were sent to participants, urging them to cease illegal activities.
• 25 search warrants were executed, and over 100 URLs advertising DDoS-for-hire services were removed from search engine results.
• Search engine ads were created to target young individuals searching for DDoS-for-hire tools.

Targeting DDoS-for-Hire Services

The operation primarily focused on dismantling IP stressors or DDoS booters, which cybercriminals use to flood websites, servers, and networks with malicious traffic, rendering legitimate services inaccessible.

Europol highlighted the accessibility of these tools, noting they often include tutorials that allow even non-technical individuals to launch attacks.

"Attacks are often regionally focused, with users targeting servers and websites within their continent, and directed at a wide range of targets including online marketplaces, telecommunications providers, and other web-based services. Motivations vary from curiosity to ideological purposes linked to hacktivism, as well as financial gain through extortion or the disruption of competitors’ services."

Global Collaboration and Ongoing Efforts

Operation PowerOFF involved law enforcement agencies from 21 countries, including the United States, United Kingdom, Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Norway, Poland, Portugal, Sweden, and Thailand.

This crackdown follows a similar operation in late 2024, which resulted in three arrests and the takedown of 27 domains. Additionally, Polish authorities arrested four alleged administrators of DDoS-for-hire tools in May, suspected of launching thousands of attacks between 2022 and 2025.