INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
PowerOFF DDoS-for-hire takedown
| 2026-04-17 18:30 LOW HIGHExecutive Summary AI-generated
The global landscape of distributed denial-of-service, or DDoS-for-hire attacks has seen a surge in recent incidents. Law enforcement agencies worldwide have been working tirelessly to disrupt the industry, arresting administrators and seizing databases in dozens of countries as part of Operation PowerOFF. Despite years of effort, DDoS services continue to proliferate, offering a low barrier to entry for users seeking cybercriminal activity. The Justice Department has charged over 100 individuals with facilitating these services, while Polish police arrested four people allegedly operating six different sites, offering their services for as little as 10 euros. Europol added that the recent actions are part of an "operational sprint" where countries coordinate to dismantle the infrastructure enabling DDoS attacks.
Technical Mitigations AI-generated
* Implement robust network segmentation and access controls to limit the spread of malware and DDoS-for-hire services within an organization.
* Regularly update and patch operating systems, applications, and software to prevent exploitation by known vulnerabilities and reduce the attack surface.
* Use a web application firewall (WAF) or intrusion detection system (IDS) to monitor and block suspicious traffic patterns, helping to identify and mitigate DDoS-for-hire attacks.
* Utilize encryption technologies, such as SSL/TLS or VPNs, to protect sensitive data in transit and prevent unauthorized access to critical systems.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation PowerOFFOperation PowerOFF
Target & Sectors
BENELUX
BENELUX
NORDICS
NORDICS
FIVE_EYES
FIVE_EYES
DACH
DACH
Incident Timeline
December 2024
Law enforcement agencies disrupted 27 popular platforms, including zdstresser.net and orbitalstress.net, to launch Distributed Denial-of-Service attacks in December.
Click on any entity below to view its context and source!
tactic
Ddos
In December 2024, law enforcement agencies operating under Operation PowerOFF
disrupted
27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.
campaign
Operation PowerOFF
In December 2024, law enforcement agencies operating under Operation PowerOFF
disrupted
27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.
observable
zdstresser.net
In December 2024, law enforcement agencies operating under Operation PowerOFF
disrupted
27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.
observable
starkstresser.net
In December 2024, law enforcement agencies operating under Operation PowerOFF
disrupted
27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.
observable
orbitalstress.net
In December 2024, law enforcement agencies operating under Operation PowerOFF
disrupted
27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.
attribution
Distributed Denial-of-Service
In December 2024, law enforcement agencies operating under Operation PowerOFF
disrupted
27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.
general_metric
27 PowerOFF
In December 2024, law enforcement agencies operating under Operation PowerOFF
disrupted
27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.
2025/04/17
Polish authorities arrested four individuals allegedly involved in operating six DDoS-for-hire sites.
Click on any entity below to view its context and source!
tactic
Ddos
Last year, Polish police
arrested four people
allegedly operating six different DDoS-for-hire sites, offering their services for as little as 10 euros.
target_region
Poland
Last year, Polish police
arrested four people
allegedly operating six different DDoS-for-hire sites, offering their services for as little as 10 euros.
financial
10 euros
Last year, Polish police
arrested four people
allegedly operating six different DDoS-for-hire sites, offering their services for as little as 10 euros.
August 2025
The RapperBot botnet was taken down by the US in August 2025.
Click on any entity below to view its context and source!
tactic
Botnet
In August 2025, the U.S. also took down the RapperBot botnet, used for large-scale attacks across more than 80 countries since 2021.
organisation
RapperBot
In August 2025, the U.S. also took down the RapperBot botnet, used for large-scale attacks across more than 80 countries since 2021.
general_metric
80 countries
In August 2025, the U.S. also took down the RapperBot botnet, used for large-scale attacks across more than 80 countries since 2021.
13 April 2026
Four individuals were arrested in connection with the 'PowerOFF' DDoS-for-hire takedown.
Click on any entity below to view its context and source!
general_metric
21 countries
“On 13 April 2026, 21 countries joined forces in a coordinated action week that focused on enforcement and prevention measures against over 75 000 criminal users engaging in distributed denial-of-service (DDoS)-for-hire services.”
victims
000 criminal users
“On 13 April 2026, 21 countries joined forces in a coordinated action week that focused on enforcement and prevention measures against over 75 000 criminal users engaging in distributed denial-of-service (DDoS)-for-hire services.”
2026/04/17
Authorities arrested four suspects and seized 53 domains linked to DDoS-for-hire services used by over 75,000 cybercriminals.
Click on any entity below to view its context and source!
infrastructure
50 domains
More than 50 domains were seized and European authorities said they identified about 75,000 users of the DDoS-for-hire sites.
victims
75,000 users
More than 50 domains were seized and European authorities said they identified about 75,000 users of the DDoS-for-hire sites.
organisation
Justice Department
Justice Department prosecutors in Alaska said they “conducted searches of DDoS-for-hire backend servers.”
organisation
DDoS
The recent actions are part of an “operational sprint” where countries coordinate with experts and dismantle the infrastructure that enables DDoS attacks, Europol added.
DDoS-for-hire services, or “booters,” are illegal platforms that let users pay to launch DDoS attacks that flood websites or servers with traffic, causing outages.
infrastructure
100 domains
Eleven people have been charged in the U.S. over the last four years with facilitating DDoS-for-hire services and 100 domains have been seized.
infrastructure
53 domains
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered.
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered
Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts.
Operation PowerOFF
is an international law enforcement action that dismantled 53 domains linked to
DDoS-for-hire services
used by over 75,000 cybercriminals.
“With over 75 000 warning emails and letters being sent to identified criminal users and 4 arrests, the action week also led to the takedown of 53 domains and the issuing of 25 search warrants.”
21 countries participated in the law enforcement
operation PowerOFF
: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the U.K., and the U.S.
Authorities disrupted booter services by seizing servers and infrastructure used to launch attacks, limiting further harm.
organisation
Operation PowerOFF
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered
Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts.
victims
3 user accounts
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered
Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts.
Authorities arrested four suspects, seized infrastructure, and gained access to databases containing more than 3 million user accounts.
Access to seized databases with over 3 million user accounts enabled coordinated global actions against cybercriminals and raised awareness about the illegality of these services.
organisation
SecurityAffairs
Pierluigi Paganini
Follow me on Twitter:
@securityaffairs
and
Facebook
and
Mastodon
(
SecurityAffairs
–
hacking,
Operation PowerOFF
)
organisation
Europol
Europol said four people were arrested and 25 search warrants were executed but did not provide detail on the raids or those detained.
reads the
press release
published by EUROPOL.
organisation
DOJ
In court documents, the DOJ said the domains taken down include Quantum-stress, Stresse, Unknownstresser, Vacstresser, dreams-stresser, Mythicalstress and others.
organisation
Quantum
In court documents, the DOJ said the domains taken down include Quantum-stress, Stresse, Unknownstresser, Vacstresser, dreams-stresser, Mythicalstress and others.
organisation
Mythicalstress
In court documents, the DOJ said the domains taken down include Quantum-stress, Stresse, Unknownstresser, Vacstresser, dreams-stresser, Mythicalstress and others.
financial
$950 plan
The most expensive plan was $950 per month, offering attacks that last 500 hours and can target 90 victim IPs.
infrastructure
90 victim IPs
The most expensive plan was $950 per month, offering attacks that last 500 hours and can target 90 victim IPs.
victims
300 users
The authorities also
arrested
three administrators of these platforms in France and Germany, and identified over 300 users.
Tactical Metrics
Metrics
infrastructure
50
Domains
Click for context!
More than 50 domains were seized and European authorities said they identified about 75,000 users of the DDoS-for-hire sites.
Metrics
victims
75,000
Users
More than 50 domains were seized and European authorities said they identified about 75,000 users of the DDoS-for-hire sites.
Metrics
infrastructure
100
Domains
Eleven people have been charged in the U.S. over the last four years with facilitating DDoS-for-hire services and 100 domains have been seized.
Metrics
financial
10
Euros
Last year, Polish police
arrested four people
allegedly operating six different DDoS-for-hire sites, offering their services for as little as 10 euros.
Metrics
financial
950
Plan
The most expensive plan was $950 per month, offering attacks that last 500 hours and can target 90 victim IPs.
Metrics
infrastructure
90
Victim Ips
The most expensive plan was $950 per month, offering attacks that last 500 hours and can target 90 victim IPs.
Metrics
infrastructure
53
Domains
“With over 75 000 warning emails and letters being sent to identified criminal users and 4 arrests, the action week also led to the takedown of 53 domains and the issuing of 25 search warrants.”
21 countries participated in the law enforcement
operation PowerOFF
: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the U.K., and the U.S.
Authorities disrupted booter services by seizing servers and infrastructure used to launch attacks, limiting further harm.
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered.
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered
Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts.
Operation PowerOFF
is an international law enforcement action that dismantled 53 domains linked to
DDoS-for-hire services
used by over 75,000 cybercriminals.
Metrics
victims
300
Users
The authorities also
arrested
three administrators of these platforms in France and Germany, and identified over 300 users.
Metrics
victims
3,000,000
User Accounts
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered
Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts.
Authorities arrested four suspects, seized infrastructure, and gained access to databases containing more than 3 million user accounts.
Access to seized databases with over 3 million user accounts enabled coordinated global actions against cybercriminals and raised awareness about the illegality of these services.
Metrics
victims
0
Criminal Users
“On 13 April 2026, 21 countries joined forces in a coordinated action week that focused on enforcement and prevention measures against over 75 000 criminal users engaging in distributed denial-of-service (DDoS)-for-hire services.”
Intelligence Sources
TheRecord
2026-04-17
Security Affairs
2026-04-17
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T06:14
Comprehensive Tactical Telemetry
Highly Correlated Entities
17x
target region
Target Country
Poland
country
9x
organisation
Identified Entity
Justice Department
entity
7x
attribution
Attributing Entity
FBI
authority
5x
timeline
Temporal Reference
2025/04/17
date
3x
tactic
Cyber Operation Type
Ddos
tactic
3x
general metric
Countries
20
countries
3x
infrastructure
Domains
50
domains
3x
source region
Origin Country
Thailand
country
2x
victims
Users
75,000
users
Contextual Telemetry
Context Block
16 METRICS
general metric
Ddos Attacks
142,000,000
ddos attacks
campaign
Campaign
Operation PowerOFF
operation
financial
Euros
10
euros
general metric
Search Warrants
25
search warrants
general metric
Minutes
40
minutes
financial
Plan
950
plan
general metric
Last Hours
500
last hours
infrastructure
Victim Ips
90
victim ips
general metric
Warning Emails
0
warning emails
general metric
Arrests
4
arrests
general metric
Criminal Accounts
3,000,000
criminal accounts
victims
User Accounts
3,000,000
user accounts
general metric
Cybercriminals
75,000
cybercriminals
general metric
Poweroff
27
poweroff
victims
Criminal Users
0
criminal users
general metric
Malicious Urls
100
malicious urls
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.