Skip to main content

Operation PowerOFF Disrupts 75,000 DDoS Users Worldwide

Dark server room with severed cables and shattered smartphone screen.

How do you stop a flood of malicious traffic that can knock services offline around the world — and what happens to the users and infrastructure behind it when someone tries? On April 13, 2026, a coordinated action under the name Operation PowerOFF moved to answer that question by targeting the distributed denial-of-service (DDoS) ecosystem, with results reported by BleepingComputer that merit close attention.

What the operation did

BleepingComputer reported that the latest wave of Operation PowerOFF, carried out on April 13, 2026, focused on the DDoS ecosystem and its users across 21 countries. According to that report, the operation identified about 75,000 DDoS users and took down 53 domains. Those are the concrete figures released in the coverage of the operation.

What the numbers say — and what they leave open

The juxtaposition of scale and scope is immediate: tens of thousands of users identified alongside dozens of domains taken offline. The figures suggest a campaign that reached across national boundaries, but the available report does not provide further public detail about who executed the action, the methods used to identify users, or the legal and technical steps involved in taking domains down. Those gaps matter because the choices made in identification and disruption shape both immediate effects and longer-term consequences for internet resilience and accountability.

Why this matters to different audiences

  • Technologists: The reported scale — tens of thousands of users — signals that DDoS activity remains distributed and potentially resilient. How those users were identified and how takedowns were executed will affect defensive planning and incident response.
  • Policymakers: Cross-border activity spanning 21 countries raises questions about jurisdiction, cooperation, and the regulatory levers available to address transnational cyber harms. Policymakers will need to weigh transparency, oversight, and the international norms that govern such operations.
  • Service providers and users: Domain takedowns can disrupt not only malicious infrastructure but also collateral services if actions are imprecise. Providers and end users alike will want clarity about targets, safeguards, and remediation processes.
  • Adversaries and the broader ecosystem: Public reports of identification and disruption can change incentive structures — encouraging adaptation by malicious actors and possibly deterring some activity — but the long-term impact depends on follow-through and visibility into outcomes.

Conclusion

Operation PowerOFF’s reported identification of roughly 75,000 DDoS users and the takedown of 53 domains on April 13, 2026, underscore both the scale of the DDoS problem and the complexities of responding across borders. The facts that are public point to an assertive disruption effort; what remains to be seen is how durable the effects will be, how transparently actions will be explained, and whether the operation prompts changes in attacker behavior or defense strategy. If tens of thousands can be identified, what will be required to turn identification into sustained reductions in harm?

Source: BleepingComputer — Operation PowerOFF identifies 75k DDoS users, takes down 53 domains