Canadian man arrested over massive KimWolf DDoS botnet that infected millions of devices worldwide

Published: 25 May 2026
masive new botnet Kimwolf

Canadian authorities have arrested a 23-year-old Canadian man suspected of managing an extensive botnet.

Allegedly, Jacob Butler, online also known as “Dort,” was involved in the development and operation of the KimWolf botnet, an infamous DDoS-for-hire service.

The botnet infected more than one million internet-connected devices worldwide, including webcams and digital photo frames, and other IoT hardware. Once compromised, the operators used a “cybercrime-as-a-service” model to sell access to the infected devices to other cybercriminals.

ADVERTISEMENT

Infected devices were then forced to participate in DDoS attacks, targeting computers and servers located throughout the world, including Department of Defense Information Network (DoDIN) IP addresses.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

The US Department of Justice claims that the botnet was linked to attacks reaching nearly 30 terabits per second, which is a record in DDoS attack volume. Authorities claim that the KimWolf botnet conducted more than 25,000 attack commands before law enforcement agencies disrupted its command-and-control (C2) infrastructure in March this year.

Law enforcement agencies were able to identify the Canadian suspect as the administrator of the botnet based on his IP addresses, online account details, transaction data, and chat conversations.

In addition, US authorities disrupted several DDoS platforms that collaborated with the KimWolf botnet. Visitors are redirected to a so-called splash page, which shows a warning that DDoS services are illegal.

Butler is charged with one count of aiding and abetting computer intrusion. If found guilty, he could face a prison sentence of up to 10 years.

Has your password leaked?

Enter your password to check if it has leaked. Having a leaked password creates the risk of identity theft, financial damages, and worse!
35,607,543,468
Exposed Passwords
Ad
Protect your personal information from cybercriminals and get 50% off the top-rated password manager
Learn More
link_title link_title

Butler’s arrest follows a broader international crackdown launched in March targeting several major IoT botnets, including KimWolf, AISURU, JackSkid, and Mossad. The coordinated operation involved authorities from Canada, Germany, and the United States, alongside support from private-sector cybersecurity firms.

ADVERTISEMENT

In February, cybersecurity expert Brian Krebs identified Butler as the Kimwolf botmaster after digging through his various email addresses, registrations on the cybercrime forums, and posts to public Telegram and Discord servers.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked