Europol Pulls the Plug on Major DDoS-for-Hire Rings

Young Suspects Caught in Poland, Web Domains Grabbed in the U.S.

Four Polish citizens between 19 and 22 years old have been taken into custody after an international probe into paid-for cyber-attacks. At the same time, U.S. agents seized nine web addresses that once fronted bogus “stress-testing” portals used to knock sites offline.

You might be interested in: WordPress Plugin Gives Attackers Full Control

Six Knock-down Services Brought to a Halt

Investigators say the group ran six different services—cfxapi, cfxsecurity, neostress, jetstress, quickdown, and zapcut. For as little as ten euros, anyone could fill in a target’s IP address, pick an attack style, pay, and watch the victim’s website disappear. Between 2022 and 2025 thousands of assaults hit schools, public offices, private firms, and online games.

Slick Interfaces, Simple Set-up

These sites looked polished and called themselves stress testers, but their real aim was disruption. Unlike old-school botnets that hijack infected PCs, the shutdown platforms rented powerful servers and bundled them into one easy-to-use tool. Customers needed no tech skills—just a credit card.

Price Tags That Scaled With Firepower

Archived pages show cfxsecurity bragging that it was the “#1 stress testing service,” selling monthly plans from $20 up to $130. QuickDown offered similar deals, topping out at $379 for its biggest package. A 2024 report by Radware noted that QuickDown even mixed a botnet add-on with dedicated hosts to boost attack strength.

Part of Ongoing Operation PowerOFF

Europol ran the latest raids with help from Dutch and German officers under the long-running banner “Operation PowerOFF,” a drive to wipe out DDoS-for-hire hubs. Back in December 2024 the same task force took 27 other stresser sites offline and filed charges against suspects in both the Netherlands and the United States.

By cutting off these six services and arresting their alleged operators, police hope to make it harder—and pricier—for would-be attackers to flood the internet with fake traffic.