Europol Shuts Down 27 DDoS Platforms Across 15 Countries, Arrests Administrators

In a groundbreaking move against cybercrime, Europol has announced the successful dismantling of 27 illegal Distributed Denial-of-Service (DDoS) attack platforms as part of a coordinated international operation known as PowerOFF. The global crackdown, which involved law enforcement from 15 countries, led to the closure of several illicit websites commonly used for launching cyberattacks, including zdstresser.net, orbitalstress.net, and starkstresser.net.

These so-called “booter” and “stresser” services use botnet malware, often installed on compromised devices, to flood targets with malicious traffic. The perpetrators behind these platforms offer their services to paying customers, who use them to carry out DDoS attacks on various targets, including websites and online services, rendering them inaccessible.

Europol’s operation not only took down these platforms but also arrested three key administrators in France and Germany. Over 300 individuals connected to these criminal activities have been identified, and law enforcement agencies are working to further investigate and prevent future incidents.

In a statement, Europol highlighted the severe impact of these platforms on global cybersecurity. “Known as ‘booter’ and ‘stresser’ websites, these platforms enabled cybercriminals and hacktivists to flood targets with illegal traffic, rendering websites and other web-based services inaccessible,” the agency said.

Europol noted that the motivations behind these cyberattacks are varied. “The motivations for launching such attacks vary, from economic sabotage and financial gain to ideological reasons, as demonstrated by hacktivist collectives such as KillNet or Anonymous Sudan,” the statement continued.

Local authorities have taken further legal action in the Netherlands, prosecuting four suspects aged between 22 and 26. These individuals, from cities including Rijen, Voorhout, Lelystad, and Barneveld, are accused of being involved in hundreds of DDoS attacks. The Dutch police have vowed to continue tackling cybercrime linked to these illicit platforms.

The successful operation was possible by collaborating with multiple nations, including Australia, Brazil, Canada, Finland, France, Germany, Japan, Latvia, the Netherlands, Poland, Portugal, Sweden, Romania, the United Kingdom, and the United States. This international effort demonstrates the growing resolve of law enforcement agencies worldwide to combat cybercrime.

This operation follows on the heels of another significant takedown in Germany, where authorities disrupted the criminal DDoS service dstat[.]cc. The service had been facilitating cyberattacks for various malicious actors.

The importance of tackling DDoS attacks has grown even more evident in recent weeks. Cloudflare, a leading web infrastructure and security company, reported a marked increase in DDoS activity during the Black Friday and Cyber Monday shopping seasons, particularly targeting shopping and retail websites in the U.S. According to Cloudflare, 6.5% of global traffic in 2024 was identified as potentially malicious, with industries such as Gambling/Games, Finance, and Telecom being the most affected.

In response to these growing threats, cybersecurity researchers have pointed out a new vulnerability tied to web application firewalls (WAFs) used in enterprise environments. A misconfiguration bug within CDN-based WAF services could allow threat actors to bypass security measures and launch DDoS attacks. This vulnerability, known as “Breaking WAF,” has raised concerns about the effectiveness of current defense mechanisms, especially as modern WAF providers also function as Content Delivery Network (CDN) providers.

Experts recommend that organizations bolster their defenses by implementing measures such as IP allowlists, HTTP header-based authentication, and mutually authenticated TLS (mTLS) to mitigate the risk these emerging attack methods pose.

Europol’s successful operation marks a critical step in the ongoing fight against cybercrime. Law enforcement agencies are intensifying their efforts to dismantle the infrastructure that enables these attacks and bring the perpetrators to justice.