Six DDoS sites seized in multi-national law enforcement operation
Authorities in Poland have arrested four people accused of administrating and selling access to distributed denial of service (DDoS) services, according to a press release from Europol.
The suspects are believed to have operated six so-called “stresser” or “booter” services that enabled customers across the world to launch thousands of attacks on targets ranging from government offices to businesses and schools. From 2022 to 2025, the platforms — identified as Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut — allegedly allowed users to bombard websites and servers with high volumes of junk traffic, often rendering them inaccessible.
The services, which offered easy-to-navigate interfaces, required minimal user knowledge: attackers could select a target, choose the attack specifications, and pay as little as 10 euros for each disruption, according to Europol.
The arrests in Poland were part of a coordinated law enforcement response spanning four countries and supported by Europol. In addition to the Central Cybercrime Bureau in Poland, the investigation was supported by German Federal Criminal Police Office, the Prosecutor General’s Office in Frankfurt, the Dutch National Police, and multiple U.S. agencies, including the Department of Justice, FBI, Homeland Security Investigations (HSI), and Defense Criminal Investigative Service (DCIS).
Additionally, U.S. authorities seized nine domain names linked to similar DDoS-for-hire operations.
“Booter services facilitate cyberattacks that harm victims and compromise everyone’s ability to access the internet,” said U.S. Attorney Bill Essayli for the Central District of California. “This week’s sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”
Assistance was provided by Akamai, Amazon Web Services, Cloudflare, Digital Ocean, Flashpoint, Google, PayPal, The University of Cambridge, and Unit 221B.
This week’s operation was run in concert with Operation PowerOFF, which since 2018 has targeted the infrastructure underpinning DDoS-for-hire markets. Most recently, in December, the operation led to 27 major DDoS attack platforms being seized, resulting in the arrest of three administrators in France and Germany.
The names of the individuals taken into custody this week were not released.
