Authorities Seize DDoS-for-Hire Domains in Operation PowerOFF Crackdown
U.S. and international law enforcement agencies expanded Operation PowerOFF by seizing additional domains tied to DDoS-for-hire, or booter/stressor, services used to launch distributed denial-of-service attacks on demand. The U.S. Department of Justice said the FBI took control of 13 more domains linked to prolific platforms, including services that had resurfaced after an earlier disruption of 48 booter sites. Investigators found the platforms had amassed hundreds of thousands of registered users and had been used against school districts, government websites, businesses, and other targets; FBI testing on government-controlled systems showed some attacks were strong enough to completely cut off internet connectivity.
The takedowns build on years of coordinated enforcement that has included the seizure of 15 booter websites, action against users of major DDoS-for-hire platforms, and prosecutions of operators tied to services such as RoyalStresser.com, SecurityTeam.io, Astrostress.com, and Booter.sx. Europol says the long-running campaign targets services that sell attacks for as little as EUR 10, lowering the barrier for low-skilled offenders and sometimes supporting broader criminal activity, including ransomware operations. The effort has involved the FBI, Europol, the U.K. National Crime Agency, Dutch police, and other global partners, alongside prevention campaigns aimed at deterring would-be users.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
FBI seizes 13 additional booter domains
On May 9, 2023, the U.S. Department of Justice announced the seizure of 13 more domains linked to DDoS-for-hire services under Operation PowerOFF. Investigators said 10 of the domains were tied to services connected to domains seized in December 2022, suggesting operators had reconstituted their infrastructure.
Four defendants plead guilty in booter-service case
Earlier in 2023, four defendants charged in the December 2022 case pleaded guilty to operating RoyalStresser.com, SecurityTeam.io, Astrostress.com, and Booter.sx. The pleas marked a prosecutorial milestone in the broader booter-service crackdown.
Operation PowerOFF disrupts 48 booter services
In December 2022, authorities disrupted 48 DDoS-for-hire services as part of Operation PowerOFF. This earlier sweep later became notable because investigators said some operators resumed activity using new domains.
Authorities pursue users of major DDoS-for-hire platform
Europol announced that law enforcement agencies worldwide were taking action against users of one of the largest DDoS-for-hire websites. The move expanded the crackdown from platform operators to customers who had purchased attacks.
FBI seizes 15 DDoS-for-hire websites
U.S. authorities seized 15 booter websites in a major enforcement action against DDoS-for-hire services. The takedown was part of the broader international crackdown on platforms enabling paid denial-of-service attacks.
Operation PowerOFF launches to target DDoS-for-hire services
Europol and international law enforcement partners began Operation PowerOFF in July 2017 to dismantle booter and stresser platforms used to sell on-demand DDoS attacks. The effort combined enforcement with prevention campaigns aimed at deterring would-be users.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Feds continue takedowns of DDoS-for-hire ‘booter’ sites | The Record from Recorded Future News
therecord.media
Open sourceUS authorities seize more domains linked to prolific DDoS-for-hire websites | TechCrunch
techcrunch.com
Open sourceAuthorities across the world going after users of biggest DDoS-for-hire website | Europol
europol.europa.eu
Open sourceFBI Seizes 15 DDoS-For-Hire Websites - Kotaku
kotaku.com
Open sourceOperation PowerOFF - A global law enforcement effort targeting and dismantling Distributed Denial of Service (DDoS) for hire | Europol
europol.europa.eu
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Operation PowerOFF disrupts DDoS-for-hire platforms and arrests administrators
An international law enforcement campaign under **Operation PowerOFF** has repeatedly dismantled major **DDoS-for-hire** or **booter/stresser** services, seizing domains and infrastructure, arresting alleged administrators, and targeting customers across dozens of countries. In one major phase, authorities shut down **48 services** and arrested **seven** suspected operators after U.S. charges tied defendants to platforms including `Booter.sx`, `Astrostress.com`, and `SecurityTeam.io`; officials said one seized service alone had been used in more than **30 million attacks**. A later coordinated action involving the United States and about **20 partner countries** seized **53 domains**, made **four arrests**, executed **25 search warrants**, and sent more than **75,000 warning messages** to users, while also removing more than **100 URLs** advertising booter sites. The crackdown builds on earlier takedowns such as the seizure of **Webstresser.org**, which Europol described as the world’s largest DDoS-for-hire marketplace, with more than **136,000 registered users** and **4 million attacks** recorded before it was dismantled. Investigators said these services marketed themselves as legitimate network testing tools but were used to launch attacks against **schools, government agencies, gaming platforms, critical infrastructure, Department of Defense resources, businesses, and individuals**, often for as little as **EUR 15 per month**. Authorities also expanded disruption efforts beyond arrests and seizures by placing warning ads in search results and reaching users through cryptocurrency payment channels, underscoring a sustained multinational effort to raise the cost of operating and buying low-barrier DDoS attack services.
May 25, 2026
Operation PowerOFF Disrupts DDoS-for-Hire Services and Identifies 3 Million Accounts
Authorities from 21 countries carried out a coordinated Operation PowerOFF crackdown against **DDoS-for-hire** infrastructure, dismantling booter services used to launch attacks against online marketplaces, telecommunications providers, and other internet-facing services. The action resulted in **53 domain takedowns**, **4 arrests**, and **25 search warrants**, while investigators seized servers, infrastructure, and databases tied to the illegal platforms. Data recovered during the operation helped investigators identify **more than 3 million criminal user accounts**, and law enforcement sent **over 75,000 warning emails and letters** to suspected users. Europol said the services lowered the barrier to launching disruptive attacks for motives ranging from curiosity and hacktivism to extortion and anti-competitive activity; prevention measures also included removing **more than 100 URLs** advertising booter services from search results, posting blockchain warning messages, and updating the Operation PowerOFF website as the international enforcement effort continues.
Apr 24, 2026
Authorities Disrupt Four IoT Botnets Behind 30 Tbps DDoS Attacks
U.S., Canadian, and German authorities disrupted the command-and-control infrastructure of four major IoT botnets — **Aisuru, KimWolf, JackSkid, and Mossad** — that collectively compromised more than **three million** internet-connected devices worldwide. Investigators said the botnets, built largely from vulnerable **DVRs, IP cameras, web cameras, and enterprise Wi‑Fi routers**, were used in hundreds of thousands of distributed denial-of-service attacks, including operations targeting **U.S. Department of Defense** systems, other high-value networks, and critical infrastructure. Officials said the malware networks were capable of generating traffic above **30 Tbps**, with one attack reaching roughly **31.4 Tbps**, placing them among the largest DDoS threats recorded. The operators allegedly ran the infrastructure as a **DDoS-for-hire** service and also used it for extortion, threatening victims with sustained attacks unless they paid. The U.S. action, led by the Defense Criminal Investigative Service with support from the FBI Anchorage Field Office, included seizure warrants for domains and virtual servers, while Germany’s **BKA** and Canada’s **RCMP** carried out parallel enforcement steps. Private-sector partners including **Akamai, AWS, Cloudflare, Team Cymru, and The Shadowserver Foundation** supported the disruption. Authorities said the takedown degraded the botnets’ ability to operate, but warned that the underlying risk remains because millions of infected or insecure devices are still online with weak credentials or outdated firmware.
Mar 25, 2026