A coordinated international enforcement action has dealt a significant blow to the distributed denial-of-service ecosystem, identifying approximately 75,000 DDoS users and taking offline 53 malicious domains across 21 countries.
International operation targets 75K DDoS users
Operation PowerOFF, which reached a major milestone on April 13, 2026, represents one of the most extensive crackdowns on DDoS infrastructure in recent years. The operation targeted the networks, services, and individuals actively engaged in conducting distributed denial-of-service attacks—a common cybercriminal tactic used to overwhelm online systems and render them inaccessible.
53 malicious domains taken offline across borders
The scale of the operation underscores the persistent challenge that DDoS attacks pose to internet stability and business continuity. These attacks have become increasingly sophisticated and accessible, with criminal-as-a-service platforms lowering barriers to entry for would-be attackers with minimal technical expertise.
Criminal infrastructure disrupted but underlying motivations persist
The multi-national scope of Operation PowerOFF highlights how DDoS infrastructure operates across borders, requiring coordinated law enforcement and cybersecurity industry collaboration to effectively disrupt. By identifying such a large number of users—both operators and participants in DDoS campaigns—authorities gain valuable intelligence into attack patterns, command-and-control infrastructure, and the broader ecosystem enabling these crimes.
Organizations urged to strengthen DDoS defenses
The takedown of 53 domains removes critical infrastructure points that facilitated DDoS-for-hire services, botnet operations, and attack coordination. These domains often served as storefronts or administrative hubs where attackers rented access to compromised networks or purchased DDoS amplification services.
This enforcement action sends a clear message that international authorities are escalating efforts against DDoS perpetrators. However, cybersecurity experts caution that while high-profile takedowns disrupt operations temporarily, the underlying motivations driving DDoS attacks—financial gain, competitive sabotage, and activism—remain largely unchanged.
Organizations are advised to strengthen defenses against DDoS attacks through robust mitigation services, network redundancy, and threat intelligence sharing. As Operation PowerOFF demonstrates, tackling the DDoS problem requires sustained pressure on both the infrastructure supporting these attacks and the individuals orchestrating them.