The arrests were announced on May 7, 2025, and are part of a larger operation that dismantled six illegal DDoS-for-hire services—Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut. These platforms allowed customers to launch powerful cyberattacks for as little as EUR 10.
According to Europol, the services offered easy-to-use interfaces that required little or no technical knowledge. Users simply entered the target IP address, chose the type of attack, and paid a fee. The attacks targeted schools, businesses, government services, and gaming platforms between 2022 and 2025.
“These takedowns reflect our commitment to dismantling the infrastructure that enables cybercriminals to conduct disruptive attacks with virtually no technical skills,” Europol said in a press release.
The arrests were part of a coordinated international effort involving law enforcement from Poland, the Netherlands, Germany, and the United States. Europol played a key role by offering analytical and operational support.
As part of the operation, the U.S. government seized nine domains linked to the illegal DDoS services. Meanwhile, Dutch authorities used a creative strategy by setting up fake DDoS-for-hire websites that warned users about the legal risks of engaging in cybercrime.
Data gathered from the Netherlands-based hosting centers helped identify the suspects. German investigators also assisted by sharing important intelligence and identifying one of the accused.
The successful operation demonstrates how global cooperation is helping to take down criminal cyber networks and protect vital digital services around the world.
Tags:
Cybercrime in World