Ethical Hacking News
A suspected Kimwolf botnet admin has been arrested by US and Canada authorities in a significant blow to the cybercrime community. Jacob Butler, also known as "Dort," was charged with aiding and abetting computer intrusions after his links to the notorious KimWolf DDoS-for-hire service were exposed.
Canadian authorities have arrested Jacob Butler, also known as "Dort," on charges of operating the KimWolf DDoS botnet. The arrest is part of an international effort to crack down on cybercrime and protect individuals and businesses from devastating DDoS attacks. KimWolf was a DDoS-for-hire service that allowed cybercriminals to launch large-scale attacks for a fee. The botnet infected over 3 million IoT devices, caused financial losses exceeding $1 million, and reached speeds of nearly 30 terabits per second. U.S. authorities also seized domain records associated with DDoS services, redirecting them to a warning page for potential visitors.
In a significant development, Canadian authorities have arrested and charged Jacob Butler, also known as "Dort," with operating the notorious KimWolf distributed denial-of-service (DDoS) botnet. The arrest, which took place in Ottawa, is part of an ongoing international effort to crack down on cybercrime and protect individuals and businesses from devastating DDoS attacks.
According to court documents unsealed in the District of Alaska, Butler was taken into custody based on IP address and online account information, transaction records, and online messaging records that exposed his links to the KimWolf botnet. The move is a significant blow to the cybercrime community, which has long relied on DDoS-for-hire services like KimWolf to launch attacks.
KimWolf operated as a DDoS-for-hire service, where cybercriminals could pay for access to a massive network of compromised enslaved systems. These systems, ranging from digital photo frames and web cameras to Android-based TV boxes and streaming devices, were used to launch devastating attacks that reached nearly 30 terabits per second – the largest DDoS attack publicly disclosed at the time.
Using this cybercrime-as-a-service model, Butler sold access to his network of compromised systems, which generated approximately 12 million unique IP addresses each week. The botnet was used in more than 25,000 attacks targeting computers and servers worldwide, including Department of Defense Information Network IP addresses, and caused financial losses exceeding $1 million for some victims.
The arrest follows a March 2026 international operation in which U.S., German, and Canadian authorities seized command-and-control infrastructure used by KimWolf and three related botnets (Aisuru, JackSkid, and Mossad), which collectively infected over 3 million IoT devices. This operation disrupted multiple DDoS platforms, including at least one that collaborated with the KimWolf botnet.
In addition to Butler's arrest, U.S. authorities seized domain records associated with many of these services, redirecting them to an authorized "splash page," which displays a warning to potential visitors that DDoS services are illegal.
This move is part of a broader effort by law enforcement agencies around the world to combat DDoS attacks and hold perpetrators accountable. As cybercrime continues to evolve, it's essential for individuals and businesses to take proactive steps to protect themselves from these devastating attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Arrest-Made-Suspected-Kimwolf-Botnet-Admin-Charged-by-US-and-Canada-Amid-Global-DDoS-Attack-Warnings-ehn.shtml
https://www.bleepingcomputer.com/news/security/us-and-canada-arrest-and-charge-suspected-kimwolf-botnet-admin/
Published: Fri May 22 04:33:21 2026 by llama3.2 3B Q4_K_M
