DDoS-for-Hire Empire Dismantled As Poland Arrests 4 Admins

In a coordinated international operation dubbed “PowerOFF,” law enforcement agencies from Poland, the United States, Europol, and several other countries have dismantled a major DDoS-for-hire ecosystem responsible for enabling millions of distributed denial-of-service attacks globally.

The crackdown culminated in the arrest of four administrators in Poland and the seizure of nine illicit domains by U.S. authorities, which were central to the infrastructure of criminal “booter” and “stresser” services. These platforms allowed users — often with no technical background — to pay small fees in exchange for launching large-scale cyberattacks on websites, online services, or corporate infrastructure.

The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – facilitated widespread attacks between 2022 and 2025.

According to Europol, the action represents a significant blow to the availability and accessibility of such illegal services, which are often used by amateur cybercriminals, hacktivists, and even teenagers to disable services and extort victims.

Law Enforcement Zeroes In on Criminal Infrastructure

The arrests in Poland were carried out by the Central Bureau for Combating Cybercrime (CBZC) in collaboration with the regional prosecutor’s office in Łódź. Authorities searched multiple properties and seized computers, mobile devices, and financial records. All four suspects were alleged to be administrators of criminal platforms offering subscription-based access to DDoS attacks.

The investigation began after the CBZC uncovered links between Polish nationals and a larger criminal network operating globally. The suspects are accused of managing platforms that facilitated attacks against businesses, schools, government portals, and other digital services across Europe and beyond.

Simultaneously, the U.S. Department of Justice seized nine domains that functioned as front-ends for these DDoS-for-hire services. The domains — many of which masqueraded as legitimate network testing tools — have been replaced with a seizure notice as part of the legal action coordinated with international cybercrime units.

Operation PowerOFF: A Global Collaboration

The takedown is the latest success under “Operation PowerOFF,” an ongoing international campaign against DDoS-for-hire marketplaces. The joint initiative includes law enforcement and cyber agencies from the United Kingdom, Germany, the Netherlands, Poland, and the United States, coordinated through Europol’s European Cybercrime Centre (EC3).

In a statement, Europol described the operation as part of a sustained global effort to dismantle the infrastructure that enables cybercriminals to conduct large-scale disruption at the click of a button.

Since PowerOFF launched in 2018, Europol has coordinated multiple waves of disruption targeting booter services. This latest phase focused on infrastructure takedown, arresting operators, and issuing warnings to thousands of users who had previously registered on DDoS-for-hire platforms.

Accessible and Dangerous: The Rise of DDoS-for-Hire

DDoS-for-hire services, often marketed as “stressers,” have lowered the barrier to entry for launching attacks. For as little as $10 to $50, a user can rent access to a service that floods a target’s network with traffic, knocking it offline. While marketed for legitimate testing, these services are overwhelmingly used for criminal purposes — including extortion, competition takedowns, and school disruption.

CBZC reports that the arrested Polish operators had built an international user base and processed payments through cryptocurrency to mask identities. Forensic analysis of seized infrastructure revealed hundreds of thousands of DDoS attacks originating from the platforms.

These services falsely give the impression that cybercrime is low-risk, but authorities are now tracking infrastructure, operators, and even customers of such DDoS-for-hire services.

Continued Pressure on Users and Operators

As part of the operation, thousands of DDoS service users worldwide received “cease and desist” notifications, warning them of the legal risks of engaging in or facilitating cyberattacks. Law enforcement emphasized that users are not anonymous, even when paying in crypto or using VPNs.

Security experts have welcomed the crackdown, noting that while booters remain persistent, targeting their infrastructure disrupts both the supply and demand side of the ecosystem.

“Every seized domain, every arrested admin, and every disrupted wallet makes it harder for these services to operate,” said a Poland-based threat intelligence analyst. “This isn’t just about enforcement — it’s about deterrence.”

Law enforcement agencies have promised to maintain pressure. Europol and CBZC say further arrests and domain seizures are likely as part of the ongoing investigation.

Authorities also encouraged organizations to strengthen DDoS mitigation measures and to report suspected attacks promptly.

“This is a strong signal that cybercrime doesn’t pay,” said Poland’s CBZC in a statement. “We’re not just taking down platforms — we’re dismantling the false sense of impunity behind them.”

Also read: The Era of Web DDoS Tsunamis and Strategies for Defense

Related