Kimwolf Botnet Master Arrested: Cross‑Border Hack Charges Loom

Kimwolf botnet Arrest Sparks International Cyber‑Security Crackdown

Canadian police detained 23‑year‑old Jacob Butler, known online as “Dort”, after a U.S. warrant demanded his extradition. The suspect is accused of building and running the Kimwolf botnet, which hijacked millions of IoT devices—digital photo frames, webcams and other “firewalled” gear—to launch record‑breaking DDoS assaults.

Kimwolf botnet Attack Scale

Law‑enforcement analysts measured the botnet’s traffic at ↑ 30 Tbps, a historic peak that overwhelmed targets ranging from commercial sites to U.S. Department of Defense address blocks. Victims reported losses exceeding ↓ $1,000,000 each.

The Justice Department’s unsealed complaint, filed in an Alaska federal court, links Butler to over 25,000 attack commands issued between October 2025 and March 2026. Authorities say the botnet rented compromised devices to other cybercriminals, magnifying the threat.

“Kimwolf was tied to DDoS attacks that shattered previous volume records,” the DOJ statement read.

On March 19, an Reuters‑reported operation seized the technical backbone of Kimwolf alongside three rival botnets—Aisuru, JackSkid and Mossad. The coordinated takedown involved the FBI’s Anchorage field office and the DoD’s Defense Criminal Investigative Service.

Butler’s online footprint was pieced together from IP logs, forum registrations and messaging app records, a process highlighted by security blogger Brian Krebs earlier this year. Despite the exposure, the hacker continued to threaten researchers, even orchestrating swatting attacks against Synthient founder Ben Brundage.

“Hopefully this will end the harassment,” Brundage told Bloomberg after the arrest.

The Ontario Provincial Police executed a search warrant at Butler’s Ottawa residence on March 19, confiscating several computers and storage devices. He now faces Canadian charges of unauthorized computer use, possession of a device for illicit access, and mischief related to computer data, with a bail hearing set for early May.

In the United States, Butler is charged with one count of aiding and abetting computer intrusion. If extradited and convicted, he could face up to ten years behind bars, though sentencing guidelines may consider his youth and lack of prior offenses. The case underscores how the pandemic era’s surge in remote devices created fertile ground for IoT botnets, a trend investigators warn will persist.

Words by: Kaelen Frost

Lead Cybersecurity Analyst