Dort / DortDev abuse-enablement ecosystem behind Kimwolf

Threat Actor Meta
Happening score (H score): 41
1 unique source, 1 article

Summary

Public tracing in 2026 tied Dort / DortDev to the Kimwolf operator and to underground services that enabled account abuse at scale. The linkage matters because the same identity appears across LAPSUS$-adjacent spaces, cybercrime forums, and Telegram channels focused on SIM-swapping and account takeover. Disposable-email registration and CAPTCHA bypass tooling gave the operator infrastructure for automated signups, evasion, and bulk abuse. The profile also connects that ecosystem to theft and monetization of Microsoft Xbox Game Pass accounts.

Related Happenings

Vidar Stealer ClickFix campaign targeting multiple sectors

Campaign
First: 08.05.2026 14:00 Last: 08.05.2026 14:00 Sources 1

About this happening: The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...

Contagious Interview cryptocurrency social-engineering and malware-delivery campaign

Campaign
First: 23.03.2026 20:09 Last: 23.03.2026 20:09 Sources 1

About this happening: A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...

Signal and WhatsApp anti-phishing account-hardening guidance

Defensive Guidance
First: 21.03.2026 15:17 Last: 21.03.2026 15:17 Sources 1

About this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...

Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign

Campaign
First: 09.03.2026 23:24 Last: 09.03.2026 23:24 Sources 1

About this happening: An **ongoing Russian state-sponsored phishing campaign** is targeting **Signal** and **WhatsApp** users, with the **UK NCSC** warning on **March 31** that **Russia-based actors**...

Microsoft Teams adds lobby labeling and separate admission for third-party bots

Security Tool/Service
First: 09.03.2026 19:12 Last: 09.03.2026 19:12 Sources 1

About this happening: **Microsoft Teams** is adding **automatic lobby labels** for **external third-party bots**, making it harder for non-human participants to blend in and reducing accidental admissi...

Timeline

  1. 28.02.2026 14:01 1 articles · 2mo ago

    Kimwolf retaliation against researchers on January 2, 2026

    Victim Impact Update

    Within hours of the January 2, 2026 publication about the Kimwolf botnet, Dort created a Discord server in the name of KrebsOnSecurity and used it to publish personal information and violent threats against Benjamin Brundage and the author, while also driving DDoS abuse, doxing, and email flooding.

  2. 28.02.2026 14:01 2 articles · 2mo ago

    Profile ties Dort to aliases and abuse-enablement tooling

    Attribution Update

    Public OSINT and breach-data pivots connect Dort to the aliases CPacket, M1ce, DortDev, and MemeClient, a 2017 GitHub account, forum accounts on Nulled and Cracked, and 2022 promotion of temporary-email registration and Dortsolver CAPTCHA-bypass tooling. The same identity also appears in March 2022 LAPSUS$ chat activity and in a theft scheme that stole more than $250,000 worth of Microsoft Xbox Game Pass accounts.
