Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
The Kimwolf Botnet: Unmasking the Mastermind Behind a Record-Breaking DDoS Attack
In a significant breakthrough in the fight against cybercrime, Canadian authorities have arrested a 23-year-old Ottawa man, Jacob Butler, alias "Dort," on suspicion of building and operating the Kimwolf botnet, a fast-spreading Internet-of-Things (IoT) botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months.
The Kimwolf Botnet: A Record-Breaking DDoS Attack
The Kimwolf botnet was responsible for record-smashing DDoS attacks, with volumes measured at nearly 30 terabits per second, causing financial losses exceeding one million dollars for some victims. The botnet issued over 25,000 attack commands, making it one of the most prolific DDoS botnets in history.
The Investigation: A Global Effort
The investigation into the Kimwolf botnet was a global effort, involving international law enforcement partners, including the FBI, the Ontario Provincial Police, and the Defense Criminal Investigative Service (DCIS). The authorities seized the technical infrastructure for Kimwolf and three other large DDoS botnets, named Aisuru, JackSkid, and Mossad, which were competing for the same pool of vulnerable devices.
The Botmaster: A Profile of Jacob Butler
Jacob Butler, alias "Dort," was identified as the Kimwolf botmaster after a thorough investigation by KrebsOnSecurity. The authorities connected Butler to the administration of the Kimwolf botnet through IP addresses, online account information, transaction records, and online messaging application records obtained through the issuance of legal process. Butler's real-life and cybercriminal identities were not well separated, making it easier for investigators to track him down.
The Charges: A Serious Offense
Butler is facing serious charges, including unauthorized use of computer, possession of device to obtain unauthorized use of computer system or to commit mischief, and mischief in relation to computer data. In the United States, he is facing one count of aiding and abetting computer intrusion, which carries a maximum sentence of 10 years in prison.
The Implications: A Growing Threat
The Kimwolf botnet is a reminder of the growing threat of IoT botnets and the need for greater security measures to protect vulnerable devices. The botnet's ability to issue over 25,000 attack commands and cause record-breaking DDoS attacks highlights the potential for significant damage and financial loss.
The Future: A Continued Effort
The arrest of Jacob Butler and the dismantling of the Kimwolf botnet are significant milestones in the fight against cybercrime. However, the threat of IoT botnets is ongoing, and continued efforts are needed to protect vulnerable devices and prevent future attacks.
Conclusion
The Kimwolf botnet, the source of record-breaking DDoS attacks, highlights the growing threat of IoT botnets. The arrest of Jacob Butler and the dismantling of the botnet are significant milestones in the fight against cybercrime. However, the threat of IoT botnets is ongoing, and continued efforts are needed to protect vulnerable devices and prevent future attacks.
Forward-Looking Thoughts
The Kimwolf botnet is a reminder of the need for greater security measures to protect vulnerable devices. The use of IoT devices in DDoS attacks highlights the potential for significant damage and financial loss. As the use of IoT devices continues to grow, it is essential to prioritize security and take steps to prevent future attacks.
Practical Insights and Implications
- The Kimwolf botnet highlights the growing threat of IoT botnets and the need for greater security measures to protect vulnerable devices.
- The botnet's ability to issue over 25,000 attack commands and cause record-breaking DDoS attacks highlights the potential for significant damage and financial loss.
- The arrest of Jacob Butler and the dismantling of the Kimwolf botnet are significant milestones in the fight against cybercrime.
- Continued efforts are needed to protect vulnerable devices and prevent future attacks.
Technical Details
- The Kimwolf botnet was a fast-spreading IoT botnet that enslaved millions of devices for use in a series of massive DDoS attacks.
- The botnet was responsible for record-smashing DDoS attacks, with volumes measured at nearly 30 terabits per second.
- The botnet issued over 25,000 attack commands, making it one of the most prolific DDoS botnets in history.
- The authorities seized the technical infrastructure for Kimwolf and three other large DDoS botnets, named Aisuru, JackSkid, and Mossad.
Real-World Applications
- The Kimwolf botnet highlights the potential for significant damage and financial loss from IoT botnets.
- The botnet's ability to issue over 25,000 attack commands and cause record-breaking DDoS attacks highlights the need for greater security measures to protect vulnerable devices.