Europol Dismantles 27 DDoS Platforms Across 15 Countries, Arrests Key Administrators

A global law enforcement initiative has successfully dismantled 27 stresser services used for distributed denial-of-service (DDoS) attacks. This operation, part of a multi-year international effort named PowerOFF, was coordinated by Europol with the participation of 15 countries.

The operation targeted booter and stresser websites, including zdstresser.net, orbitalstress.net, and starkstresser.net. These platforms often deploy botnet malware on compromised devices to execute attacks for paying customers. In addition to taking the services offline, authorities arrested three administrators in France and Germany and identified over 300 users for planned follow-up actions.

“Booter and stresser platforms allowed cybercriminals and hacktivists to overwhelm targets with illegal traffic, rendering websites and online services inaccessible,” Europol explained. Motivations behind such attacks range from financial sabotage and monetary gain to ideological causes, as seen with groups like KillNet or Anonymous Sudan.

Dutch authorities also announced the prosecution of four suspects, aged 22 to 26, from Rijen, Voorhout, Lelystad, and Barneveld, for conducting hundreds of DDoS attacks.

Participating countries in PowerOFF included Australia, Brazil, Canada, Finland, France, Germany, Japan, Latvia, the Netherlands, Poland, Portugal, Sweden, Romania, the U.K., and the U.S.

This crackdown follows a recent German operation that disrupted dstat[.]cc, a service enabling DDoS attacks. Meanwhile, Cloudflare reported a spike in DDoS activity targeting U.S. retail websites during the Black Friday/Cyber Monday shopping season. The company revealed that 6.5% of global traffic in 2024 was flagged as potentially malicious, with the gambling/gaming sector being the most targeted, followed by finance, digital platforms, society, and telecom industries.

Adding to these developments, researchers have identified a widespread misconfiguration in enterprise environments using CDN-based web application firewall (WAF) services. Dubbed Breaking WAF, the flaw allows attackers to bypass security measures and launch DDoS attacks.

Zafran researchers noted that the issue arises because modern WAF providers often double as CDN providers, creating an architectural vulnerability. Organizations are urged to mitigate these risks by adopting IP allowlists, HTTP header-based authentication, and mutually authenticated TLS (mTLS).
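As an added illustration (not code from this article or from Zafran), the sketch below shows how an origin server could combine two of the mitigations named above, an IP allowlist and HTTP header-based authentication, before serving a request. It assumes the concern is traffic reaching the origin without passing through the CDN/WAF; the address ranges, header name, secret and function names are constructed placeholders.

```python
import hmac
import ipaddress

# Constructed sample values: documentation ranges stand in for the CDN/WAF
# provider's published egress ranges; header name and secret are hypothetical.
CDN_EGRESS_RANGES = [
    ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")
]
ORIGIN_AUTH_HEADER = "x-origin-auth"
ORIGIN_AUTH_SECRET = "constructed-sample-secret"


def from_cdn_range(peer_ip):
    """True if the TCP peer address falls inside an allowlisted CDN range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Normalise IPv4-mapped IPv6 peers (::ffff:a.b.c.d) seen on dual-stack sockets.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(
        addr.version == net.version and addr in net for net in CDN_EGRESS_RANGES
    )


def has_valid_secret(headers):
    """Constant-time check of the shared-secret header the CDN is set to inject."""
    lowered = {k.lower(): v for k, v in headers.items()}
    supplied = lowered.get(ORIGIN_AUTH_HEADER, "")
    return hmac.compare_digest(supplied.encode(), ORIGIN_AUTH_SECRET.encode())


def admit(peer_ip, headers):
    """Return (allowed, reason); both checks must pass.

    The decision uses the socket peer address only. Client-supplied headers
    such as X-Forwarded-For are ignored because any sender can set them.
    CDN ranges are shared by all of the provider's customers, so the secret
    header is what ties a request to this tenant's configuration.
    """
    if not from_cdn_range(peer_ip):
        return False, "peer outside CDN allowlist"
    if not has_valid_secret(headers):
        return False, "missing or wrong origin auth header"
    return True, "ok"
```

mTLS, the third mitigation listed, moves the same decision into the TLS handshake by requiring the CDN to present a client certificate to the origin.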
