The arrest
Poland's Central Bureau for Combating Cybercrime (CBCZ) arrested a 20-year-old man in Lublin for running DDoS attacks against what authorities called "strategically important websites" - likely government and essential services. The suspect admitted to most of the six charges and was released on bail with police supervision.
Officers seized computer equipment from his apartment, claiming they "dismantled the IT infrastructure used to host and distribute DDoS attack tools." The suspect faces up to five years in prison.
The technical setup
CBCZ described the operation as a "multi-layered botnet" using "C2 stresser" and "Command and Control Node" machines. The targets were global, though authorities haven't specified which sites were hit.
For enterprise security teams, this case illustrates the detection challenge: C2 infrastructure run from residential networks is harder to spot than C2 on commercial hosting. The suspect operated from home, not a data center.
Regional context
Poland has become a hotspot for cybercrime enforcement. The CBCZ reported a 30% increase in cybercrime charges in 2025 and doubled staffing to over 1,000 people since early 2024. The country participated in Europol's Operation PowerOFF, arresting seven individuals in 2025, and in Operation Eastwood, which targeted pro-Russia hacktivists.
This arrest follows recent Polish operations: a Russian national detained in November 2025 for database hacking, and three Ukrainians arrested in December with Flipper Zero devices targeting IT systems. Russia-Ukraine war spillover continues to drive Poland's aggressive cyber posture.
What this means
The case demonstrates European law enforcement's growing capacity to track residential C2 infrastructure. CBCZ's statement that "further arrests related to the same activity are possible" suggests they've mapped the broader network.
For network defenders: C2 beaconing from residential IPs remains a blind spot. Traditional enterprise detection tools assume threats come from known-bad infrastructure, not compromised home routers. The trade-off between privacy and monitoring residential traffic complicates detection at scale.