Illustration by iStock; *Security Management*

Operation PowerOFF Results in Four Arrests

By Sara Mosqueda

8 May 2025

Polish authorities arrested four people who were allegedly involved in running and selling access to a network of platforms that provided distributed denial of service (DDoS) cyberattacks.

The arrests were executed in coordination with law enforcement across four nations, with Europol providing analytical and operational support throughout the investigation. The names of the suspects have not yet been released.

The participating authorities included Germany’s Federal Criminal Police Office, the Prosecutor General’s Office in Frankfurt—Cyber Crime Centre; The Netherland’s National Police; Poland’s Central Cybercrime Bureau; and the U.S. Departments of Justice, Homeland Security, and Defense.

Dutch law enforcement seized data from servers in the Netherlands and shared the information with its international partners, including Polish authorities—a move that contributed to the arrest of the four individuals. German authorities helped by identifying one of the suspects and sharing information about the others. And U.S. agencies seized nine domains associated with booter services—which offer on-demand cyberattacks through centralized, rented infrastructure—during the takedown efforts, which occurred earlier this week, according to a press release published by Europol.

Authorities believe the suspects’ network helped enable thousands of cyberattacks all over the world, including attacks on businesses, gaming platforms, government services, and schools between 2022 and 2025. The arrested individuals are accused of providing six separate platforms— Cfxapi, Cfxsecurity, jetstress, neostress, quickdown, and zapcut—that allowed customers to flood websites and servers with malicious traffic to the point of going offline for as little as 10 euros, according to Europol.

The platforms, now kaput, offered a simple interface that users with virtually no technical skills could leverage to attack a target with nothing more than a target’s IP address. The user would then pick the kind of attack and how long he or she wanted it to last, pay the fee, and sit back while the platform automated the rest of the cyberattack.

The takedown of the platforms and the suspected operators was part of Operation PowerOFF, an ongoing international law enforcement effort to target the infrastructure that supports DDoS-for-hire activity.

A DDoS attack can take advantage of security or device weaknesses that will allow the attacker to control several devices using command-and-control software, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The attack can happen when multiple machines work together to attack a single target, with attackers often using a botnet—a group of hijacked internet-connected devices—to carry out the attack. The devices are either hijacked by the attacker or rented out by a third-party.

“DDoS allows for exponentially more requests to be sent to the target, therefore increasing the attack power. It also increases the difficulty of attribution, as the true source of the attack is harder to identify,” CISA said.