DDoS-for-hire Empire Brought Down: Poland Arrests 4 Administrators, US Seizes 9 Domains

In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.

The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025. 

The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites.

Global law enforcement response

The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation.

Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators.

The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms.

Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.

What are stresser and booter services?

Stresser and booter services offer on-demand cyberattacks, often disguised as tools for legitimate testing but widely used to cause deliberate disruption. These services let users flood a target server or website with enormous volumes of fake traffic, making them inaccessible to real users – a technique known as distributed denial of service.

Unlike traditional botnets, which require the control of large numbers of infected devices, stresser/booter services industrialise DDoS attacks through centralised, rented infrastructure. They are often advertised on underground forums and the dark web, and transactions are typically anonymised.

This coordinated action is part of Operation PowerOFF, an ongoing international law enforcement effort targeting the infrastructure behind DDoS-for-hire activity.