- A Canadian man was arrested for allegedly operating the Kimwolf DDoS botnet, a service sold to other cybercriminals.
- The botnet targeted firewalled internet-of-things devices and launched attacks on U.S. Department of Defense networks.
- Authorities also dismantled 45 DDoS-for-hire platforms linked to the operation in a multinational effort.
On May 22, 2026, the U.S. Department of Justice announced the arrest of 23-year-old Canadian Jacob Butler for allegedly running the Kimwolf distributed denial-of-service botnet. The charges stem from a model where he sold access to enslaved devices, including photo frames and webcams, to other cybercriminals.
According to court documents, Butler was linked to the botnet’s administration through his IP address and online accounts. The investigation revealed his connection via Discord messages posted by an account called resi[.]to, records show.
However, Butler previously claimed his old persona was compromised after security journalist Brian Krebs exposed him in February. He asserted he had not used the “Dort” alias since 2021, blaming an impersonator for the recent activity.
Consequently, this arrest follows a major law enforcement operation two months prior that disrupted several botnets. The DoJ stated that Kimwolf, a variant of AISURU, issued over 25,000 attack commands and was involved in record-setting DDoS floods peaking at 31.4 Tbps.
Meanwhile, authorities executed seizure warrants targeting services supporting 45 DDoS-for-hire platforms. One of these platforms was confirmed to have collaborated directly with the Kimwolf botnet operation.
Butler now faces a single count of aiding and abetting computer intrusion. If convicted, he could receive a prison sentence of up to 10 years.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
