Find notable cyber news and cases, enriched with sources, timelines, and signals.

Kimwolf IoT botnet activity disrupting I2P

Malware Activity
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

The Kimwolf botnet disrupted I2P over the past week after operators tried to join 700,000 infected bots as nodes, briefly overwhelming the anonymity network and disrupting user communications. The same botnet had already infected millions of IoT devices, showing how its scale can translate into both malicious traffic and network abuse. The activity matters because Kimwolf was also being used to test backup command-and-control options while defenders tried to contain it.

Related Happenings

Popa botnet forcing consumer TV boxes to relay traffic

Malware Activity
H score76 First: 18.06.2026 20:37 Last: 18.06.2026 20:37 Sources 1

About this happening: **Popa** is an **Android-based botnet** that turns **consumer TV boxes** and related devices into relay infrastructure, maintaining encrypted connectivity and opening tunnels on d...

Latest development: 03.07.2026 12:35

Google disabled NetNut accounts used for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing compromised SDKs while FBI legal actions and domain seizures targeted NetNut infrastructure. The coordinated disruption was described as degrading NetNut’s proxy network and shrinking the pool of devices available to the operator.

Vo1d botnet campaign targeting unofficial Android-based TV boxes

Campaign
H score88 First: 18.06.2026 20:37 Last: 18.06.2026 20:37 Sources 1

About this happening: **NetNut** used the **Popa botnet** and deceptive SDKs on **off-brand Android-based smart TVs**, streaming media boxes, and unofficial apps to turn home connections into **residen...

Latest development: 03.07.2026 12:35

Google disabled all Google accounts used by NetNut for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing the compromised SDKs. The FBI’s seizure banner appeared on netnut.com while netnut.io briefly remained accessible, and Google said the coordinated actions caused significant degradation to NetNut’s proxy network and business operations.

Dort-linked DDoS, doxing, and swatting campaign against researchers

Campaign
H score38 First: 22.05.2026 00:50 Last: 22.05.2026 00:50 Sources 1

About this happening: The **Dort**-linked harassment campaign targeted **this author and a security researcher**, using **DDoS, doxing, and swatting** to intimidate the people investigating the operato...

AISURU/Kimwolf hyper-volumetric DDoS botnet activity

Malware Activity
H score23 First: 05.02.2026 19:25 Last: 05.02.2026 19:25 Sources 1

About this happening: The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...

Latest development: 20.03.2026 08:25

The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.

2025 DDoS surge targets telecommunications, service providers, and carriers

Trend
H score34 First: 05.02.2026 19:25 Last: 05.02.2026 19:25 Sources 1

About this happening: **Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...

Timeline

  1. 11.02.2026 18:08 1 articles · 4mo ago

    I2P users report Kimwolf-driven router flood

    Initial Disclosure

    I2P users began reporting network disruptions after tens of thousands of Kimwolf-infected routers suddenly overwhelmed the decentralized communications network, preventing connections to legitimate nodes. Kimwolf operators also acknowledged that they had accidentally disrupted I2P after trying to join 700,000 infected bots as network nodes.

    Show sources
  2. 11.02.2026 18:08 2 articles · 4mo ago

    I2P rolls out stability improvements during Kimwolf disruption

    Mitigation Patch Update

    I2P remained at about half of its normal capacity while a new release rolled out to improve stability after the Kimwolf router influx. Kimwolf operators were also experimenting with I2P and Tor as backup command-and-control infrastructure, and the botnet’s overall numbers reportedly fell by more than 600,000 infected systems after a recent operator mistake.

    Show sources