Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown

Law Enforcement
First reported
Last updated
Happening score
H score 20
2 unique sources, 2 articles

Summary

Hide ▲

The U.S. Department of Justice announced the arrest of Jacob Butler (aka Dort), a 23-year-old in Ottawa, Canada, for allegedly developing and operating the Kimwolf DDoS botnet. The DoJ says Kimwolf targeted devices such as digital photo frames and web cameras, sold access via a cybercrime-as-a-service model, and was tied to attacks on systems worldwide, including DoDIN IP addresses. Investigators say Kimwolf was linked to over 25,000 attack commands and to record-scale floods peaking at 31.4 Tbps; the case follows a coordinated disruption of related C2 infrastructure by the U.S., Canada, and Germany and seizure warrants aimed at 45 DDoS-for-hire platforms.

Related Happenings

Kimwolf operators build a cybercrime-as-a-service DDoS access market

Threat Actor Meta
First: 22.05.2026 11:50 Last: 22.05.2026 11:50 Sources 1

How related: The operators then used a 'cybercrime-as-a-service' model to sell access to the infected devices to other cybercriminals.

About this happening: The **Kimwolf** operators ran a **cybercrime-as-a-service** market that sold access to infected devices, widening **DDoS-for-hire** abuse. The model turned compromised **digital p...

Open Happening

Jacob Butler Kimwolf arrest and cross-border charges

Law Enforcement
First: 22.05.2026 00:50 Last: 22.05.2026 00:50 Sources 1

How related: The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.

About this happening: Canadian authorities **arrested Jacob Butler (“Dort”)** in **Ottawa** over the **Kimwolf DDoS botnet** case. The move escalates a **cross-border cybercrime prosecution** that also...

Open Happening

Dort-linked DDoS, doxing, and swatting campaign against researchers

Campaign
First: 22.05.2026 00:50 Last: 22.05.2026 00:50 Sources 1

About this happening: The **Dort**-linked harassment campaign targeted **this author and a security researcher**, using **DDoS, doxing, and swatting** to intimidate the people investigating the operato...

Open Happening

Secret Blizzard Kazuar modular P2P botnet

Malware Activity
First: 16.05.2026 17:15 Last: 16.05.2026 17:15 Sources 1

About this happening: **Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...

Open Happening

Xlabs_v1 Mirai-derived ADB DDoS botnet

Malware Activity
First: 06.05.2026 23:21 Last: 06.05.2026 23:21 Sources 1

About this happening: The **xlabs_v1** Mirai-derived botnet has been exposed as a **DDoS** tool that abuses **Android Debug Bridge (ADB)** on internet-facing devices, expanding risk to **Android**, rou...

Open Happening

Timeline

  1. 20.03.2026 10:05 3 articles · 2mo ago

    US, Germany, and Canada take down botnet C2 infrastructure

    Legal Policy Action Update

    Authorities from the United States, Germany, and Canada took down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices, while also targeting virtual servers, internet domains, and related infrastructure used to launch hundreds of thousands of DDoS attacks against victims worldwide, including IP addresses owned by the Department of Defense Information Network (DoDIN).

    Show sources
    Open in new tab
  2. 20.03.2026 10:05 1 articles · 2mo ago

    Botnet campaign scale and DDoS record claims described

    Campaign Scope Update

    Court documents and company statements describe the Aisuru, KimWolf, JackSkid, and Mossad botnets as having collectively infected and ensnared over three million IoT devices, including web cameras, digital video recorders, and WiFi routers, and as having issued more than 200,000, 25,000, 90,000, and 1,000 DDoS attack commands respectively. The same campaign is described as producing hundreds of thousands of attacks in recent months, with Aisuru setting a 31.4 Tbps record in December, a 29.7 Tbps record earlier, and a 15.72 Tbps incident in November that Microsoft attributed to the same botnet.

    Show sources
    Open in new tab