Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown
Law Enforcement
Summary
Hide ▲
Show ▼
The U.S. Department of Justice announced the arrest of Jacob Butler (aka Dort), a 23-year-old in Ottawa, Canada, for allegedly developing and operating the Kimwolf DDoS botnet. The DoJ says Kimwolf targeted devices such as digital photo frames and web cameras, sold access via a cybercrime-as-a-service model, and was tied to attacks on systems worldwide, including DoDIN IP addresses. Investigators say Kimwolf was linked to over 25,000 attack commands and to record-scale floods peaking at 31.4 Tbps; the case follows a coordinated disruption of related C2 infrastructure by the U.S., Canada, and Germany and seizure warrants aimed at 45 DDoS-for-hire platforms.
Related Happenings
RustDuck DDoS botnet activity targeting routers and servers
Malware Activity
H score27
First: 30.06.2026 20:45
Last: 30.06.2026 20:45
Sources 1
About this happening:
The **RustDuck** malware family is **hijacking routers, cameras, Android boxes, and servers** to assemble a **DDoS botnet** that can flood targets and knock websites and online se...
RustDuck DDoS botnet activity targeting routers and servers
Malware ActivityAbout this happening: The **RustDuck** malware family is **hijacking routers, cameras, Android boxes, and servers** to assemble a **DDoS botnet** that can flood targets and knock websites and online se...
Kimwolf operators build a cybercrime-as-a-service DDoS access market
Threat Actor Meta
H score24
First: 22.05.2026 11:50
Last: 22.05.2026 11:50
Sources 1
How related:
The operators then used a 'cybercrime-as-a-service' model to sell access to the infected devices to other cybercriminals.
About this happening:
The **Kimwolf** operators ran a **cybercrime-as-a-service** market that sold access to infected devices, widening **DDoS-for-hire** abuse. The model turned compromised **digital p...
Kimwolf operators build a cybercrime-as-a-service DDoS access market
Threat Actor MetaHow related: The operators then used a 'cybercrime-as-a-service' model to sell access to the infected devices to other cybercriminals.
About this happening: The **Kimwolf** operators ran a **cybercrime-as-a-service** market that sold access to infected devices, widening **DDoS-for-hire** abuse. The model turned compromised **digital p...
Jacob Butler Kimwolf arrest and cross-border charges
Law Enforcement
H score18
First: 22.05.2026 00:50
Last: 22.05.2026 00:50
Sources 1
How related:
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.
About this happening:
Canadian authorities **arrested Jacob Butler (“Dort”)** in **Ottawa** over the **Kimwolf DDoS botnet** case. The move escalates a **cross-border cybercrime prosecution** that also...
Jacob Butler Kimwolf arrest and cross-border charges
Law EnforcementHow related: The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.
About this happening: Canadian authorities **arrested Jacob Butler (“Dort”)** in **Ottawa** over the **Kimwolf DDoS botnet** case. The move escalates a **cross-border cybercrime prosecution** that also...
Dort-linked DDoS, doxing, and swatting campaign against researchers
Campaign
H score38
First: 22.05.2026 00:50
Last: 22.05.2026 00:50
Sources 1
About this happening:
The **Dort**-linked harassment campaign targeted **this author and a security researcher**, using **DDoS, doxing, and swatting** to intimidate the people investigating the operato...
Dort-linked DDoS, doxing, and swatting campaign against researchers
CampaignAbout this happening: The **Dort**-linked harassment campaign targeted **this author and a security researcher**, using **DDoS, doxing, and swatting** to intimidate the people investigating the operato...
Secret Blizzard Kazuar modular P2P botnet
Malware Activity
H score28
First: 16.05.2026 17:15
Last: 16.05.2026 17:15
Sources 1
About this happening:
**Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...
Secret Blizzard Kazuar modular P2P botnet
Malware ActivityAbout this happening: **Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...
Timeline
-
20.03.2026 10:05 3 articles · 3mo ago
US, Germany, and Canada take down botnet C2 infrastructure
Legal Policy Action UpdateAuthorities from the United States, Germany, and Canada took down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices, while also targeting virtual servers, internet domains, and related infrastructure used to launch hundreds of thousands of DDoS attacks against victims worldwide, including IP addresses owned by the Department of Defense Information Network (DoDIN).
Show sources
- International joint action disrupts world’s largest DDoS botnets — www.bleepingcomputer.com — 20.03.2026 10:05
- International joint action disrupts world’s largest DDoS botnets — www.bleepingcomputer.com — 20.03.2026 10:05
- Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks — thehackernews.com — 22.05.2026 11:50
-
20.03.2026 10:05 1 articles · 3mo ago
Botnet campaign scale and DDoS record claims described
Campaign Scope UpdateCourt documents and company statements describe the Aisuru, KimWolf, JackSkid, and Mossad botnets as having collectively infected and ensnared over three million IoT devices, including web cameras, digital video recorders, and WiFi routers, and as having issued more than 200,000, 25,000, 90,000, and 1,000 DDoS attack commands respectively. The same campaign is described as producing hundreds of thousands of attacks in recent months, with Aisuru setting a 31.4 Tbps record in December, a 29.7 Tbps record earlier, and a 15.72 Tbps incident in November that Microsoft attributed to the same botnet.
Show sources
- International joint action disrupts world’s largest DDoS botnets — www.bleepingcomputer.com — 20.03.2026 10:05