Ethical Hacking News
The U.S. Department of Justice has arrested 23-year-old Jacob Butler for allegedly running the Kimwolf DDoS botnet. The operation marks a significant victory for law enforcement agencies worldwide, who have been working tirelessly to combat the use of DDoS-for-hire services.
Jacob Butler, also known as "Dort," has been arrested and charged with aiding and abetting computer intrusion for his alleged role in operating the Kimwolf botnet. The Kimwolf botnet has compromised over 2 million Android devices, primarily targeting TV boxes. U.S. law enforcement agencies have disrupted the botnet's operation as part of a global effort to dismantle its infrastructure. Butler's arrest marks a significant victory for law enforcement worldwide in their efforts to combat DDoS-for-hire services.
In a coordinated effort by law enforcement agencies from across the globe, 23-year-old Canadian resident Jacob Butler, also known as "Dort," has been arrested and charged with aiding and abetting computer intrusion for his alleged role in operating the Kimwolf botnet. The news comes on the heels of a significant disruption to the malicious network operations conducted by several IoT botnets, including Kimwolf, Aisuru, JackSkid, and Mossad.
According to court documents filed by the U.S. Department of Justice (DoJ), Butler was linked to the administration of the KimWolf botnet through IP address, online account information, transaction records, and online messaging application records obtained through the issuance of legal process. The botnet, which has compromised over 2 million Android devices, primarily targets TV boxes, and its primary function is traffic proxying, though it can execute massive Distributed Denial of Service (DDoS) attacks.
The disruption of Kimwolf's operation marks a significant victory for law enforcement agencies worldwide, who have been working tirelessly to dismantle the botnet's global infrastructure. The U.S. DoJ reported that the Central District of California unsealed seizure warrants which targeted online services supporting 45 DDoS-for-hire platforms, including at least one that collaborated with Butler's KimWolf botnet. U.S. authorities also seized domain records associated with many of these services, redirecting them to an authorized "splash page," which displays a warning to potential visitors that DDoS services are illegal.
The operation was conducted simultaneously to law enforcement actions conducted in Canada and Germany, which targeted individuals who operated the four botnets. According to press releases by DoJ, The operation was conducted as part of a court-authorized law enforcement action today to disrupt command-and-control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad Internet of Things (IoT) botnets.
In January, Synthient researchers reported that the Kimwolf botnet had compromised more than 2 million Android devices, spreading primarily via residential proxy networks. The researchers also noted that the botnet was linked to a previously discovered botnet called Aisuru, and that both were likely created by the same group of malicious actors.
The disruption of these botnets follows a series of high-profile incidents in which they launched DDoS attacks targeting victims around the world. Some of the attacks measured approximately 30 Terabits per second, which are record-breaking attacks. The disrupted botnets had infected over 3 million devices worldwide, mainly IoT like cameras and routers, often bypassing firewall protections.
Operators used a "cybercrime-as-a-service" model, renting access to these hijacked devices to launch large-scale DDoS attacks globally. Victims reported heavy losses from these attacks, with criminals launching hundreds of thousands of attacks and sometimes demanding extortion payments.
The U.S. Department of Justice stated that in addition to Butler's arrest, the Central District of California unsealed seizure warrants which targeted online services supporting 45 DDoS-for-hire platforms. These seizures broadly disrupted the DDoS platforms, including at least one that collaborated with Butler's KimWolf botnet. U.S. authorities also seized domain records associated with many of these services, redirecting them to an authorized "splash page," which displays a warning to potential visitors that DDoS services are illegal.
The arrest of Jacob Butler marks the latest development in the ongoing effort by law enforcement agencies worldwide to combat the use of DDoS-for-hire services. The operation was part of a larger international cooperation between law enforcement agencies, including those from Canada and Germany.
As sentencing will be decided by a federal judge, it remains unclear how long Butler's imprisonment will last. Nonetheless, his arrest represents a significant victory for law enforcement worldwide in their efforts to dismantle malicious botnets like Kimwolf.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Capture-of-Jacob-Butler-A-Global-Effort-to-Tame-the-Kimwolf-Botnet-ehn.shtml
https://securityaffairs.com/192533/cyber-crime/authorities-arrest-23-year-old-accused-of-running-the-kimwolf-botnet.html
Published: Fri May 22 09:32:59 2026 by llama3.2 3B Q4_K_M
