DDoS-for-hire operation taken down in major police sting
Police in Poland, The Netherlands, Germany, and the US ran a coordinated action

- Europol announced shutting down multiple stresser/booter services in the EU
- Four people were arrested in Poland
- Law enforcement in The Netherlands, Germany, the US, and Poland, participated in Operation PowerOFF
Law enforcement has dismantled a major DDoS-for-hire operation, and arrested four individuals suspected of running it.
In a press release, the international police force said the arrests were part of Operation PowerOFF, an ongoing effort targeting the infrastructure behind DDoS-for-hire activity.
Polish authorities arrested four people who are suspected of running multiple stresser/booter services: Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut.
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
Preferred partner (What does this mean?)
Chats leaked
These services are thought to have facilitated “widespread attacks on schools, government services, businesses, and gaming platforms” between 2022 and 2025.
They featured a “slick” interface that lowered the barrier for entry: users didn’t need any particular technical knowledge to mount an attack. All they needed to do was know the victim’s IP address, and to have €10 to pay for the attack (the cost would increase depending on the desired length of the attack).
As part of the effort, Dutch authorities were deploying fake booter sites, designed to warn users looking for DDoS-for-hire services. They also seized data from booter websites hosted in data centers in the Netherlands, providing their partners with crucial information needed to make the arrests.
In the US, the police seized nine domains associated with booter services, and in Germany, the police identified one of the suspects. Europol said it provided analytical and operational support throughout the investigation.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The difference between usual DDoS botnets and stresser/booter services is that DDoS botnets are usually run by a single threat actor, which also works on expanding the botnet by deploying backdoors and malware.
Stresser/booter services, on the other hand, are advertised as a white hat solution, offering a “legitimate” service to test the resilience of a network or a website. However, in most cases, these are just cover-ups for obvious illegal activities, which is why law enforcement usually shuts them down.
You might also like
- Largest DDoS attack of 2025 so far was triggered by Alexander Ovechkin tying NHL Wayne Gretzky’s record
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.