Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Kimwolf operators build a cybercrime-as-a-service DDoS access market

Threat Actor Meta
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

The Kimwolf operators ran a cybercrime-as-a-service market that sold access to infected devices, widening DDoS-for-hire abuse. The model turned compromised digital photo frames and web cameras into rentable attack infrastructure for other criminals. The resulting ecosystem fed attacks worldwide, including against DoDIN IP addresses.

Related Happenings

Jacob Butler Kimwolf arrest and cross-border charges

Law Enforcement
First: 22.05.2026 00:50 Last: 22.05.2026 00:50 Sources 1

How related: The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.

About this happening: Canadian authorities **arrested Jacob Butler (“Dort”)** in **Ottawa** over the **Kimwolf DDoS botnet** case. The move escalates a **cross-border cybercrime prosecution** that also...

Open Happening

Dort-linked DDoS, doxing, and swatting campaign against researchers

Campaign
First: 22.05.2026 00:50 Last: 22.05.2026 00:50 Sources 1

About this happening: The **Dort**-linked harassment campaign targeted **this author and a security researcher**, using **DDoS, doxing, and swatting** to intimidate the people investigating the operato...

Open Happening

Interpol Operation Ramz cybercrime crackdown in MENA

Law Enforcement
First: 18.05.2026 17:00 Last: 18.05.2026 17:00 Sources 1

About this happening: **INTERPOL**'s **Operation Ramz** led to **more than 200 arrests** across the **Middle East and North Africa**, with law enforcement also identifying **382 additional suspects** i...

Open Happening

APT28 SOHO router DNS hijacking and credential theft campaign

Campaign
First: 07.04.2026 18:30 Last: 07.04.2026 18:30 Sources 1

About this happening: **APT28** is running **two malicious campaigns** that abuse **vulnerable SOHO routers** and attacker-controlled **DNS/VPS infrastructure** to reroute traffic and steal credentials...

Latest development: 08.04.2026 13:03

On April 7, 2026, the US Department of Justice and the FBI said they neutralized the US portion of APT28’s DNS hijacking network, which spanned more than 23 US states and used compromised SOHO routers, especially TP-Link routers, to redirect traffic through attacker-controlled DNS servers and steal credentials from targeted organizations. The FBI said it was working with ISPs to notify affected users, and court-authorized remediation steps can reset router DNS settings, remove APT28-installed resolvers, and prevent further abuse of the original access path.

Open Happening

Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown

Law Enforcement
First: 20.03.2026 10:05 Last: 20.03.2026 10:05 Sources 1

How related: The charges come exactly two months after U.S. authorities, in partnership with Canada and Germany, disrupted the command-and-control (C2) infrastructure associated with Kimwolf, AISURU, JackSkid, and Mossad as part of a court-authorized law enforcement operation.

About this happening: The **U.S. Department of Justice** announced the arrest of **Jacob Butler (aka Dort)**, a **23-year-old** in **Ottawa, Canada**, for allegedly developing and operating the **Kimwo...

Open Happening

Timeline

  1. 22.05.2026 11:50 2 articles · 5d ago

    Brian Krebs identifies Kimwolf operator

    Attribution Update

    Independent security journalist Brian Krebs identified Jacob Butler, aka Dort, as behind the Kimwolf botnet earlier this February, and Butler denied using the Dort persona since 2021 while claiming that another party had impersonated him after compromising his old account.

    Show sources
    Open in new tab
  2. 22.05.2026 11:50 1 articles · 5d ago

    Kimwolf-related C2 infrastructure disrupted

    Legal Policy Action Update

    U.S. authorities, working with Canada and Germany, disrupted the command-and-control (C2) infrastructure associated with Kimwolf, AISURU, JackSkid, and Mossad as part of a court-authorized law enforcement operation.

    Show sources
    Open in new tab
  3. 22.05.2026 11:50 1 articles · 5d ago

    DoJ announces Butler arrest and charges

    Legal Policy Action Update

    The U.S. Department of Justice announced the arrest of Jacob Butler, aka Dort, in Ottawa, Canada, and charged him with aiding and abetting computer intrusion for allegedly developing and operating the Kimwolf DDoS botnet; seizure warrants were also unsealed against online services supporting 45 DDoS-for-hire platforms.

    Show sources
    Open in new tab