Operation PowerOFF Takes Down 53 DDoS‑For‑Hire Domains, Exposes 3 Million Criminal Accounts
What Happened – International law‑enforcement agencies coordinated Operation PowerOFF, seizing 53 domains that offered DDoS‑for‑hire services and arresting four suspects. The takedown gave authorities access to databases containing more than 3 million user accounts linked to over 75 000 criminal operators.
Why It Matters for TPRM –
- DDoS‑for‑hire platforms are a common supply‑chain threat that can be leveraged against third‑party vendors and their customers.
- Exposure of millions of criminal accounts highlights the scale of the underground market and the likelihood of repeat attacks.
- Ongoing enforcement and awareness campaigns increase the risk profile for organizations that rely on external hosting or SaaS services without robust DDoS mitigation.
Who Is Affected – Technology‑SaaS providers, cloud hosting services, telecommunications carriers, financial services, e‑commerce platforms, and any organization that could be a target of DDoS extortion.
Recommended Actions – Review your DDoS protection contracts, validate that vendors employ scrubbing services and traffic‑filtering controls, and update incident‑response playbooks to include booter‑service abuse scenarios.
Technical Notes – The operation targeted booter‑service infrastructure (command‑and‑control servers, payment gateways, and user databases). No specific software vulnerability was disclosed; the threat vector was the illicit third‑party service model itself. Data types accessed included usernames, email addresses, payment details, and attack logs.
Source: SecurityAffairs