PowerOFF: the international operation that dismantled the DDoS-for-hire business and shut down 53 domains

An international operation against "DDoS-for-hire" services has dealt a heavy blow to the commercial cyberharassment industry: authorities took 53 domains offline and arrested four people linked to platforms that let customers with little technical knowledge launch distributed denial-of-service (DDoS) attacks. In the course of the intervention, known as Operation PowerOFF, investigators gained access to the databases that supported these services, which held more than 3 million user accounts, and tens of thousands of potential customers who used these tools to launch attacks were identified.

The scope of the action is remarkable: in addition to the arrests and the domain takedowns, investigators issued 25 search warrants, and warnings were sent by both email and letter to those who appeared in the records as buyers of these services. Up to 21 countries participated in the operation, including the United States, the United Kingdom, several Member States of the European Union and nations in Asia and Oceania, which underlines the global dimension of the problem and the multinational cooperation needed to combat it.

What exactly are "booter" or "stresser" services? They are platforms marketed as tools for testing the resilience of a website or server, but in practice they allow anyone, for a fee, to send massive volumes of traffic to a specific address until it is saturated. This simplicity makes booters a gateway for actors with little technical training who want to cause outages, extort companies or apply pressure for ideological reasons.

In addition, these infrastructures do not only benefit beginners: groups with more resources or technical experience can use the services to scale, customize or camouflage their malicious campaigns, combining them with other, more sophisticated tools and botnets. For this reason, taking down servers, control panels and databases brings down not only the commercial facade but also the logistics that make large-scale attacks possible.

The motivations behind DDoS attacks are varied: some people do it out of curiosity, some for money (for example, by extorting companies into paying for the attack to stop), and some for political or activist reasons. Operators sometimes try to justify their service by claiming that it is a legitimate stress-testing tool, a frequent alibi that makes investigative work difficult until malicious use is demonstrated.

Prosecutors and IT security agencies have been prioritizing these operations because the potential damage is real and significant: the interruption of web services hits businesses, public organizations and critical infrastructure, with economic and reputational losses that can be substantial. The coordinated action of Operation PowerOFF therefore sought not only to close doors, but also to leave evidence with which to pursue users and deter future recruitment.

This offensive adds to other recent operations against networks and botnets responsible for mass attacks. For example, the case of RapperBot, which according to government communiqués was deactivated in a previous operation, shows how botnets can operate for years and affect victims in dozens of countries before an international investigation manages to neutralize them. To better understand how such actions work and what their objectives are, the press releases and technical material published by organisations such as Europol or national agencies provide context and evidence of the methodology used.

While PowerOFF's results seem significant, it is important to remember that the criminal ecosystem adapts. When services are closed, new panels, concealment techniques and payment methods appear that complicate tracking. In this regard, the arrest of operators and the seizure of infrastructure are necessary but not sufficient steps: a sustained approach that combines legal, technical and educational measures is required.

What can companies and administrators do to protect themselves? First, having DDoS mitigation plans and scalable protection services can reduce the impact of an attack; second, keeping backups, segmenting critical services and monitoring traffic to detect anomalies early helps them react quickly; and third, they can work with connectivity providers and incident response teams to activate coordinated countermeasures. Specialized cybersecurity agencies publish practical guides for mitigating DDoS attacks and establishing response protocols.

The offensive also raises legal and ethical questions about the responsibility of infrastructure providers and payment platforms that facilitate illegal business. Combating the supply of these services requires both regulatory pressure and private-sector collaboration to cut off the monetization channels and hosting that support the booter panels.

In short, the recently announced operation makes it clear that the fight against the cyberharassment economy needs international coordination, decisive technical action and public policies that discourage both the supply of and the demand for these tools. The recovery of databases and the identification of hundreds of thousands of users are steps that make it possible not only to stop ongoing attacks, but also to pursue judicial proceedings and awareness-raising plans aimed at potential clients of such services.

For those who want to dig deeper, the pages of the institutions leading these investigations provide details and official releases; Europol maintains an information space on anti-cybercrime actions and campaigns against DDoS-for-hire, which can be consulted at europol.europa.eu/newsroom. For technical guides and mitigation recommendations, the European Union Agency for Cybersecurity (ENISA) has useful resources available on its portal at enisa.europa.eu. And, to understand the approach and investigations of law enforcement in the United States, the FBI's cyber investigations section is a public reference at fbi.gov/investigate/cyber.

The battle against DDoS-for-hire platforms does not end with one operation: it is a continuous process that combines investigation, prevention and education. But operations like PowerOFF show that, when international cooperation works, it is possible to hold in check an illicit market that facilitates large-scale attacks and, for now, protects those who commit them.
