Global Law Enforcement Operation PowerOFF Dismantles DDoS-for-Hire Infrastructure and Exposes Millions of Cybercriminal Accounts
Coordinated International Crackdown Disrupts Booter Services, Seizes 53 Domains, and Targets Over 75,000 Threat Actors
A large-scale international law enforcement effort, known as Operation PowerOFF, has successfully disrupted major DDoS-for-hire services used by cybercriminals worldwide.
Authorities seized 53 domains, arrested multiple suspects, and uncovered over 3 million criminal user accounts linked to illegal DDoS operations.
This operation represents a significant step in dismantling the cybercrime ecosystem that enables large-scale attacks with minimal technical effort.
OPERATION OVERVIEW
What Happened
The coordinated action involved 21 countries, including the United States, United Kingdom, Germany, and others, working together to:
- Take down DDoS-for-hire platforms (booter services)
- Seize backend infrastructure (servers, databases)
- Identify and track users of these illegal services
- Issue warnings and initiate legal actions
Additionally, authorities executed 25 search warrants and began notifying individuals involved in these activities.
WHAT ARE DDoS-FOR-HIRE SERVICES
Booter Services Explained
DDoS-for-hire platforms, often called booter services, allow users to launch distributed denial-of-service (DDoS) attacks through simple interfaces.
These platforms typically provide:
- Easy-to-use dashboards
- Subscription-based attack services
- Pre-built attack infrastructure
As a result, even non-technical users can disrupt:
- Websites
- Online services
- Enterprise networks
SCALE OF THE CRIMINAL ECOSYSTEM
Key Findings from the Operation
- 75,000+ users actively used these services
- 3 million+ accounts identified in seized databases
- Global infrastructure supporting large-scale attacks
This highlights how accessible and widespread DDoS-as-a-service has become in the cybercrime landscape.
WHY THIS MATTERS
Lower Barrier to Cybercrime
DDoS-for-hire services significantly reduce the technical barrier required to launch attacks.
Consequently, attackers can:
- Execute large-scale disruptions easily
- Target competitors or organizations
- Conduct extortion or hacktivist campaigns
Wide Range of Motivations
These attacks are not limited to one purpose. Instead, they are used for:
- Financial gain (extortion)
- Ideological attacks (hacktivism)
- Competitive disruption
- Curiosity or experimentation
Moreover, some services disguise themselves as “stress-testing tools” to evade detection and legal scrutiny.
IMPACT OF THE TAKEDOWN
Immediate Disruption
By seizing infrastructure and domains, authorities have:
- Disabled active DDoS services
- Prevented ongoing attacks
- Disrupted criminal supply chains
Long-Term Deterrence
Importantly, the operation also sends a strong message:
➡️ Users of these services are no longer anonymous
With millions of accounts exposed, law enforcement now has:
- Intelligence on users
- Evidence for future prosecutions
- Visibility into cybercrime networks
BROADER CONTEXT
This operation builds on previous takedowns, including those of botnets like RapperBot, which targeted victims across more than 80 countries.
Taken together, these actions show that global enforcement efforts are becoming more coordinated and aggressive in dismantling cybercrime infrastructure.
KEY TAKEAWAY
DDoS-for-hire services have transformed cyberattacks into accessible, scalable, and commercialized operations. However, operations like PowerOFF demonstrate that:
➡️ Law enforcement is actively tracking, disrupting, and identifying both operators and users
Organizations should remain vigilant, as these services continue to evolve despite enforcement actions.