Polish authorities have arrested a 20-year-old suspected of running a multi-layered botnet that targeted 'strategically important' websites worldwide, marking another victory in Europe's coordinated fight against DDoS attacks.
Polish authorities have arrested a 20-year-old man suspected of operating a sophisticated botnet that launched distributed denial-of-service (DDoS) attacks against numerous popular websites, including those of "strategic importance" to public services and government operations.
The Central Bureau for Combating Cybercrime (CBCZ) in Lublin, Poland's eighth-largest city, carried out the arrest at the suspect's apartment, where officers seized his computer equipment. The operation dismantled what investigators described as a "multi-layered botnet" infrastructure used to host and distribute DDoS attack tools.
The suspect faces six charges related to disrupting IT systems and acquiring the software to carry out such attacks. If convicted, he could face up to five years in prison. According to authorities, the 20-year-old admitted to "most of the charges" during police questioning and has been released on bail under non-custodial police supervision pending sentencing.
Technical details of the operation
CBCZ officers revealed that the suspect used "C2 stresser" and "Command and Control Node" machines to coordinate the attacks. These technical terms refer to command-and-control infrastructure commonly used in botnet operations, where infected devices are controlled remotely to flood target websites with traffic, overwhelming their servers and making them inaccessible to legitimate users.
The attacks targeted websites, portals, and services located around the world, though authorities have not disclosed specific targets beyond noting that some were of "strategic importance." This terminology typically refers to critical infrastructure, government services, or essential public utilities that rely on continuous online availability.
Part of broader European crackdown
This arrest is part of Poland's increasing involvement in coordinated European efforts to combat DDoS attacks. The CBCZ is one of 15 countries that supported Operation PowerOFF, an Europol-coordinated initiative targeting cybercrime infrastructure.
In 2025 alone, Polish authorities arrested seven individuals as part of this work, with six described as domain administrators responsible for managing the technical infrastructure behind cybercriminal operations. The CBCZ also participated in Operation Eastwood in July, which targeted the pro-Russia hacktivist group NoName057(16), resulting in charges against an 18-year-old for four counts of computer crimes.
Rising cybercrime enforcement in Poland
The arrest comes amid a significant expansion of cybercrime enforcement capabilities in Poland. According to the CBCZ's annual review, the unit has grown to more than 1,000 staffers – nearly double its size at the start of 2024. This expansion has coincided with a 30 percent increase in cybercrime charges and detentions in 2025.
Poland's aggressive stance against cybercrime reflects broader European concerns about the growing threat of DDoS attacks, which can disrupt essential services, cause significant economic damage, and be used as tools for political intimidation or extortion.
The case remains ongoing, with authorities noting that further arrests related to the same activity are possible as investigations continue into the botnet infrastructure and potential accomplices.
Context of DDoS attacks
DDoS attacks have become increasingly sophisticated and accessible in recent years, with "stresser" services available for hire on the dark web, allowing even technically unsophisticated criminals to launch powerful attacks. These services typically operate on a subscription model, where customers can pay to have their targets taken offline for specified periods.
The use of multi-layered botnet infrastructure, as described in this case, represents a more advanced approach where attackers maintain control over multiple layers of compromised systems, making their operations more resilient to takedown attempts and harder to trace back to the original perpetrators.
As online services become increasingly critical to daily life and national infrastructure, law enforcement agencies across Europe are stepping up efforts to identify and prosecute those responsible for disrupting these essential services through cyber attacks.
Comments
Please log in or register to join the discussion