European law enforcement agencies have launched a large scale cybercrime crackdown, coordinating an operation that targeted for hire distributed denial of service (DDoS) services, dismantled dozens of domains, and directly contacted tens of thousands of users involved in the activity.
According to reports, Europol coordinated what is known as Operation PowerOFF, a long running international effort aimed at shutting down online platforms that allow users to pay for cyberattacks designed to overwhelm and disable websites. These services are often marketed as “stress testing tools” but are widely used for illegal attacks on businesses, schools, government systems, and online services.
As part of the latest phase of the operation, authorities arrested four individuals suspected of operating or facilitating these services and took down 53 domains linked to DDoS infrastructure. In a more unusual step, law enforcement agencies also sent warning emails to approximately 75,000 individuals believed to have used or interacted with these platforms.
The emails reportedly urged recipients to stop participating in DDoS related activities and warned of potential legal consequences. This approach reflects a growing strategy among cybercrime investigators: not only targeting the operators of illegal services, but also reaching out directly to users who may be contributing to cyberattacks.
DDoS attacks work by flooding a target server or network with massive volumes of traffic, causing websites or online services to slow down or crash entirely. Over the past decade, these attacks have become easier to launch due to the availability of “DDoS for hire” platforms, which allow even non technical users to rent attack tools for a fee.
Europol and its partner agencies have repeatedly warned that these services lower the barrier to entry for cybercrime, enabling large numbers of low skilled users to engage in disruptive online behaviour. This has led to increased pressure on law enforcement agencies to disrupt not just individual attacks, but the entire ecosystem supporting them.
Operation PowerOFF has been running in multiple phases over several years, with earlier takedowns also targeting major DDoS service providers and infrastructure networks. The latest action suggests authorities are now expanding their focus beyond infrastructure removal to include direct user deterrence.
Security experts say the decision to email tens of thousands of users is significant because it signals an attempt to break the demand side of the market. By warning users directly, authorities hope to reduce repeat offending and discourage casual participation in cyberattacks that are often seen as low risk by those involved.
However, analysts also note that the effectiveness of such strategies depends on enforcement consistency and the ability to track reoffending users across platforms. Cybercrime ecosystems are highly adaptive, and new services often emerge quickly after takedowns.
The operation also highlights the increasingly coordinated nature of international cyber policing. Europol’s involvement indicates cross border cooperation between multiple European countries, reflecting the global scale of digital threats and the need for unified responses.
As cybercrime continues to evolve, authorities are expected to combine technical takedowns with behavioural interventions like direct warnings, aiming to disrupt both the infrastructure and the user base behind illegal online services.
The latest operation sends a clear message: participation in cyberattacks is no longer an anonymous or consequence free activity, even for users operating behind screens.
