Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4

Polish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces assist in takedown.

In a coordinated international operation, law enforcement has shut down a major slice of the DDoS-for-hire business. Polish authorities, supported by Europol and agencies in the US, Germany, and the Netherlands, have arrested four individuals accused of running six separate stresser/booter platforms that fueled thousands of cyberattacks between 2022 and 2025.

The arrested suspects are believed to be behind platforms including:

• Cfxapi
• Zapcut
• Jetstress
• Neostress
• Cfxsecurity
• Quickdown

These services offered anyone with a few euros the power to carry out DDoS attacks and knock websites and servers offline with little more than a login and a target IP address. Prices reportedly started as low as €10.

According to Europol’s press release, these platforms were used to hit schools, public services, businesses, and online gaming platforms. The attacks flooded systems with overwhelming amounts of fake traffic, leaving legitimate users locked out and services down.

Stresser and booter services market themselves as legitimate tools for stress-testing servers. In reality, they’re often used to carry out coordinated denial-of-service attacks. By centralizing and automating the process, these platforms make it easy for nearly anyone to carry out disruptions at scale, with no technical expertise required.

All it takes is entering the target’s IP address, choosing the method of attack, and paying the fee. The backend handles the rest, launching a wave of junk traffic that can knock offline even well-protected systems.

The operation, part of the ongoing Operation PowerOFF, highlights how global authorities are stepping up pressure on the people running these services. Dutch law enforcement has gone a step further, launching fake booter sites designed to warn users and gather intelligence on would-be attackers.

Data recovered from seized servers in the Netherlands played a key role in helping Polish investigators track and arrest the suspects. Germany contributed to the investigation by identifying one of the administrators, while US agencies seized nine domains linked to similar services during the same week.

This operation not only dismantles part of the infrastructure used to sell and deliver DDoS attacks but also sends a message to both operators and customers. Law enforcement isn’t just tracking the platforms, they’re watching the users too.

Nevertheless, in the end, by taking down these services, authorities are making it harder for casual users to access and weaponize DDoS attacks. At the same time, they’re showing how international cooperation can make a meaningful dent in online criminal activity.