Europol recently announced the takedown of DDoS-for-hire services that had been used for thousands of cyber-attacks worldwide. Polish authorities arrested four suspects aged between 19 and 22, while the United States seized nine domains linked to these platforms. The arrested individuals are believed to have operated six stresser/booter services, which allowed customers to flood websites and servers with malicious traffic, causing outages for as little as EUR 10.
These services targeted schools, government entities, businesses, and gaming platforms between 2022 and 2025.
The platforms involved in these attacks included cfxapi, cfxsecurity, neostress, jetstress, quickdown, and zapcut. They were designed to make it easy for attackers, even those with limited technical knowledge, to execute DDoS attacks. Customers simply needed to input the target IP address, select the type of attack, and pay the required fee to launch an attack. These services offered sleek user interfaces and were marketed as legitimate stress-testing tools, even though their primary goal was to disrupt website access.
These stresser services differ from traditional botnets by using centralized infrastructure to carry out DDoS attacks, rather than relying on large networks of infected devices. They were often promoted on underground forums and allowed customers to rent infrastructure to flood target sites with fake traffic.
Europol emphasized that these services industrialized the process of launching cyber-attacks, making it easier for malicious actors to disrupt online services at a low cost.
The takedown operation, dubbed Operation PowerOFF, was carried out with the help of Dutch and German authorities. It is part of a broader effort to dismantle the infrastructure supporting DDoS-for-hire services. A similar action in December 2024 led to the removal of 27 additional stresser services and the filing of charges against six individuals. These ongoing efforts aim to curb the growing threat posed by DDoS-for-hire services and their role in cybercrime.
Reference:
