Authorities in the US and Canada have arrested and charged a Canadian man with operating the KimWolf Distributed Denial of Service (DDoS) botnet, which contaminated practically 2 million units worldwide.
23-year-old Jacob Butler, additionally identified on-line as “Dote,” was arrested by Canadian authorities in Ottawa on Wednesday on an extradition warrant.
In response to a felony grievance unsealed Thursday within the Alaska District, Butler was detained primarily based on on-line messaging information that exposed his IP handle and on-line account info, transaction information and hyperlinks to the Kim Wolf botnet.
Butler is at the moment awaiting extradition to the US, the place he’s charged with one rely of aiding and abetting pc intrusion, which carries a most sentence of 10 years in jail.
As detailed in court docket paperwork, KimWolf operated as a DDoS rental service and was utilized by cybercriminals to launch assaults that reached practically 30 terabits per second, the biggest printed DDoS assault on the time.
Butler used a cybercrime-as-a-service mannequin to promote entry to a big community of compromised slave programs, starting from digital picture frames and webcams to Android-based TV packing containers and streaming units.
The botnet was utilized in greater than 25,000 assaults concentrating on computer systems and servers world wide, together with IP addresses on the Division of Protection Data Community, inflicting monetary losses of greater than $1 million to some victims.
Researchers at cybersecurity agency Synthient, which has been monitoring KimWolf’s fast growth, famous in January that KimWolf compromised Android units with assaults that exploited vulnerabilities in residential proxy networks, rising that quantity to almost 2 million and producing roughly 12 million distinctive IP addresses every week.
Individually, the Central District of California lifted seizure warrants concentrating on 45 DDoS rental platforms, which disrupted a number of DDoS platforms, together with at the least one affiliated with the KimWolf botnet.
“These seizures have resulted in widespread disruption of DDoS platforms, together with at the least one affiliated with Mr. Butler’s Kim Wolf botnet,” the Division of Justice introduced yesterday.
“U.S. authorities have additionally seized area information related to many of those companies and redirected them to approved ‘splash pages’ warning potential guests that DDoS companies are unlawful.”
Butler’s arrest follows a global operation in March 2026 during which U.S., German, and Canadian authorities seized command and management infrastructure utilized by Kim Wolf and three affiliated botnets (Aisuru, JackSkid, and Mossad) that collectively contaminated greater than 3 million IoT units.
Because the U.S. Division of Justice introduced on the time, the 4 botnets collectively contaminated greater than 3 million IoT units, together with internet cameras, digital video recorders, and Wi-Fi routers, a lot of them in the US.
Automated penetration testing instruments supply actual worth, however they had been constructed to reply one query: Can an attacker get via your community? They don’t seem to be constructed to check whether or not controls block threats, detection guidelines hearth, or cloud configurations are preserved.
This information describes six surfaces that you need to truly study.
Obtain now
