An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals.
The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to databases containing over 3 million criminal user accounts. Authorities are also sending warning emails and letters to the identified criminal users, and 25 search warrants have been issued.
As many as 21 countries participated in the action: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the U.K., and the U.S.
"Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks," Europol said in a statement. "Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims."
The agency described DDoS-for-hire as one of the most prolific and easily accessible trends in cybercrime, as it allows even individuals with little to no technical knowledge to execute malicious attacks at scale and inflict significant damage to busin
Europol also noted that DDoS activity can originate from well-resourced and skilled threat actors, who could rely on such services to customize or optimize their illicit activities. DDoS attacks often tend to target various web-based services, with the motivations behind them as varied as they are broad.
This ranges from simple curiosity and financial gain through extortion to hacktivism driven by ideological reasons and disruption of competitors' services. Some operators of these services have been found to mask their true motives and escape law enforcement scrutiny by disguising them as stress-testing tools.
The development marks the latest step taken by authorities to dismantle criminal DDoS-for-hire infrastructures worldwide as part of PowerOFF. In August 2025, the U.S. government announced the takedown of a DDoS botnet called RapperBot that was used to conduct large-scale disruptive attacks targeting victims in over 80 countries since at least 2021.
U.S. Authorities Disrupt DDoS IoT Botnet Services
In a parallel announcement, the U.S. Department of Justice (DoJ) said court-authorized actions were undertaken to disrupt some of the world's leading DDoS Internet of Things (IoT) botnet services as part of its ongoing commitment to hold DDoS botnet administrators responsible and seize websites that allow paying users to launch potent DDoS attacks.
These attacks are designed to inundate websites, servers, and networks with junk traffic, degrading access to legitimate services, causing performance bottlenecks and, in some cases, rendering them completely offline.
The DoJ said U.S. authorities seized services associated with eight DDoS-for-hire domains, including Vac Stresser and Mythical Stress, both of which claim to launch thousands of DDoS attacks per day. It also said an advertising campaign has been launched to deter potential cybercriminals searching for DDoS services in the U.S. and elsewhere and to alert the public about the illegality of DDoS attacks.
The names of the domains associated with the booter services are listed below -
- vacstresser[.]net
- mythicalstress[.]com
Visitors to the sites are now greeted by a seizure banner that reads: "DDoS attacks are illegal. For years law enforcement agencies around the world have seized booter databases, arrested administrators, and collected information relating to the operation of these services, including information on the customers of these services. Anyone operating or utilizing DDoS services is subject to investigation, prosecution, and other law enforcement action."
