Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world.
In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms.
“The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10,” Europol said in a statement.
The services, named cfxapi, cfxsecurity, neostress, jetstress, quickdown and zapcut, are said to have been instrumental in launching widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.
Europol said the platforms offered “slick user interfaces,” enabling malicious actors with little to no technical expertise to orchestrate DDoS attacks by simply entering a target IP address, choosing the type of attack, and paying a fee.
Stresser services, typically advertised on underground forums, are often disguised as legitimate stress-testing tools but are designed to disrupt access to web resources by letting their customers unleash a flood of fake traffic against a target site, making them inaccessible to real users.
“Unlike traditional botnets, which require the control of large numbers of infected devices, stresser/booter services industrialise DDoS attacks through centralised, rented infrastructure,” Europol noted.
According to snapshots captured on the Internet Archive, cfxsecurity, hosted on the domains cfxsecurity[.]bet and “cfxsecurity.cc,” marketed itself as the “#1 stress testing service” and that it provided “comprehensive stress test, ensuring your website and services are ready to weather any storm.”
The service offered three plans, Starter for $20/month, Premium for $50/month, and Enterprise for $130/month. QuickDown (“quickdown[.]pro”), likewise, priced its kit for anywhere between $20/month to $379/month.
Cloud security company Radware, in a report published in August 2024, revealed that QuickDown is among a new crop of stresser services that have adopted a hybrid architecture combining both botnets and dedicated servers. QuickDown is said to have introduced a “Botnet addon and new plans related to the Botnet network” in September 2023.
The latest action, conducted in collaboration with Dutch and German authorities, is part of an ongoing effort called Operation PowerOFF that aims to dismantle infrastructure facilitating DDoS-for-hire activity.
In December 2024, a set of 27 stresser services were taken offline, alongside announcing charges against six different individuals in the Netherlands and the U.S.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws