Pierluigi Paganini May 08, 2025

Polish police arrested 4 people behind DDoS-for-hire platforms used in global attacks, offering takedowns for as little as €10 via six stresser services.

Polish authorities arrested 4 people linked to 6 DDoS-for-hire platforms, Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut, used to launch attacks worldwide for as little as €10. The platforms were used to carry out thousands of attacks against multiple organizations, including schools, government services, businesses, and gaming platforms, between 2022 and 2025. 

“In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.” reads the Press Release published by Europol. “The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025. “

Stresser/booter services are online platforms that offer Distributed Denial of Service (DDoS) attacks as a paid service. Originally marketed as tools to test the robustness of networks (hence the name “stresser”), they are often used to conduct malicious activities. Stresser/booter services industrialize DDoS attacks using rented infrastructure, not botnets, and are sold anonymously via underground forums and the dark web.

An international operation led to arrests in Poland for running DDoS-for-hire platforms. Europol, the U.S., Germany, and the Netherlands supported the operation. Dutch authorities deployed fake booter sites and shared seized data, aiding the arrests. The U.S. seized 9 booter domains, and Germany helped identify suspects, highlighting global coordination against DDoS services.

The seizure of the six DDoS-for-hire platforms is part of Operation PowerOFF, which is an ongoing international law enforcement initiative launched in 2018 to combat booter platforms.

In December 2024, a global law enforcement operation, part of the Operation PowerOFF, disrupted 27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks.

In November 2024, German police shut down the DDoS-for-hire platform Dstat.cc that allowed its customers to launch DDoS attacks. Two men, aged 19 and 28 from Darmstadt and Rhein-Lahn, were arrested in Germany for allegedly managing criminal infrastructure used for DDoS attacks and large-scale drug trafficking.

Authorities accused them of running the online platform “Flight RCS,” which sold designer drugs and synthetic cannabinoids. The suspects are facing charges of operating a criminal trading platform for commercial and gang activities and are set to appear before a judge today.

Police seized both Dstat.cc and Flight RCS platforms, they also searched seven properties in Germany.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDoS-for-hire)