Find notable cyber news and cases, enriched with sources, timelines, and signals.

Dort / DortDev abuse-enablement ecosystem behind Kimwolf

Threat Actor Meta
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

Public tracing in 2026 tied Dort / DortDev to the Kimwolf operator and to underground services that enabled account abuse at scale. The linkage matters because the same identity appears across LAPSUS$-adjacent spaces, cybercrime forums, and Telegram channels focused on SIM-swapping and account takeover. Disposable-email registration and CAPTCHA bypass tooling gave the operator infrastructure for automated signups, evasion, and bulk abuse. The profile also connects that ecosystem to theft and monetization of Microsoft Xbox Game Pass accounts.

Related Happenings

REF6045 ClickFix banking fraud campaign targeting Mexican financial users

Campaign
H score36 First: 08.07.2026 15:52 Last: 08.07.2026 15:52 Sources 1

About this happening: The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...

Vidar Stealer ClickFix campaign targeting multiple sectors

Campaign
H score38 First: 08.05.2026 14:00 Last: 08.05.2026 14:00 Sources 1

About this happening: The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...

Contagious Interview cryptocurrency social-engineering and malware-delivery campaign

Campaign
H score37 First: 23.03.2026 20:09 Last: 23.03.2026 20:09 Sources 1

About this happening: A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...

Signal and WhatsApp anti-phishing account-hardening guidance

Defensive Guidance
H score26 First: 21.03.2026 15:17 Last: 21.03.2026 15:17 Sources 1

About this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...

Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign

Campaign
H score38 First: 09.03.2026 23:24 Last: 09.03.2026 23:24 Sources 1

About this happening: An **ongoing Russian intelligence-linked** phishing **campaign** is targeting **Signal** and **WhatsApp** users and has evolved from stealing verification codes and account PINs t...

Latest development: 27.06.2026 01:06

FBI and CISA warn that the Russian intelligence services-linked Signal phishing campaign has evolved from stealing verification codes, account PINs, and linked-device access to eliciting victims' Backup Recovery Keys through impersonated Signal support messages. If a target provides the key, attackers can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations, while the campaign continues to target high-intelligence-value individuals.

Timeline

  1. 28.02.2026 14:01 1 articles · 4mo ago

    Kimwolf retaliation against researchers on January 2, 2026

    Victim Impact Update

    Within hours of the January 2, 2026 publication about the Kimwolf botnet, Dort created a Discord server in the name of KrebsOnSecurity and used it to publish personal information and violent threats against Benjamin Brundage and the author, while also driving DDoS abuse, doxing, and email flooding.

    Show sources
  2. 28.02.2026 14:01 2 articles · 4mo ago

    Profile ties Dort to aliases and abuse-enablement tooling

    Attribution Update

    Public OSINT and breach-data pivots connect Dort to the aliases CPacket, M1ce, DortDev, and MemeClient, a 2017 GitHub account, forum accounts on Nulled and Cracked, and 2022 promotion of temporary-email registration and Dortsolver CAPTCHA-bypass tooling; the same identity also appears in March 2022 LAPSUS$ chat activity and in a theft scheme that stole more than $250,000 worth of Microsoft Xbox Game Pass accounts.

    Show sources