Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts Ravie LakshmananApr 17, 2026DDoS / Cybercrime An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to databases containing over 3 million criminal user accounts. Authorities are also sending warning emails and letters to the identified criminal users, and 25 search warrants have been issued. As many as 21 countries participated in the action: Australia, Austria, Belgium, Brazil, Bulgaria, Denmark, Estonia, Finland, Germany, Japan, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal, Sweden, Thailand, the U.K., and the U.S. "Booter services allow users to launch DDoS attacks against targeted websites, servers, or networks," Europol said in a statement. "Their infrastructure is made up of servers, databases, and other technical components that make DDoS-for-hire activities possible. By seizing these infrastructures, authorities were able to hinder these criminal operations and prevent further damage to victims." The agency described DDoS-for-hire as one of the most prolific and easily accessible trends in cybercrime, as it allows even individuals with little to no technical knowledge to execute malicious attacks at scale and inflict significant damage to busin Europol also noted that DDoS activity can originate from well-resourced and skilled threat actors, who could rely on such services to customize or optimize their illicit activities. DDoS attacks often tend to target various web-based services, with the motivations behind them as varied as they are broad. This ranges from simple curiosity and financial gain through extortion to hacktivism driven by ideological reasons and disruption of competitors' services. Some operators of these services have been found to mask their true motives and escape law enforcement scrutiny by disguising them as stress-testing tools. The development marks the latest step taken by authorities to dismantle criminal DDoS-for-hire infrastructures worldwide as part of PowerOFF. In August 2025, the U.S. government announced the takedown of a DDoS botnet called RapperBot that was used to conduct large-scale disruptive attacks targeting victims in over 80 countries since at least 2021. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  botnet, Cybercrime, cybersecurity, ddos, digital forensics, Europol, law enforcement Trending News New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks Block the Prompt, Not the Work: The End of "Doctor No" Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS Load More ▼ Popular Resources Secure Your AI Systems Across the Full Lifecycle of Risks Get Full Visibility into Vendor and Internal Risk in One Platform Learn How to Block Breached Passwords in Active Directory Before Attacks [Guide] Get Practical Steps to Govern AI Agents with Runtime Controls