DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains | Europol
In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10. The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025. The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites. Global law enforcement response The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation. Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators. The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms. Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.
