Authorities in Canada and the United States have detained a 23-year-old Ottawa man, alleging his involvement in running ‘KimWolf’, a large-scale DDoS botnet. The operation reportedly targeted over a million Internet-of-Things (IoT) devices globally, including systems linked to the U.S. Department of Defense Information Network (DoDIN).
Details of the KimWolf Botnet
A criminal complaint in the District of Alaska unveiled charges against Jacob Butler, known online as ‘Dort’. He is accused of creating and managing the KimWolf botnet. This network was allegedly used for a DDoS-as-a-service scheme, renting out its attack power to other hackers.
Investigators claim KimWolf infiltrated consumer and small-office devices like digital photo frames and webcams, turning them into tools for a widespread attack framework. This botnet launched numerous high-volume DDoS campaigns globally, impacting DoDIN-associated IP addresses.
Impact and Legal Actions
KimWolf’s attacks reportedly reached peaks of nearly 30 Tbps, ranking among the largest recorded DDoS events. These attacks resulted in significant financial losses for some victims, exceeding a million dollars.
Butler was apprehended in Ottawa following a coordinated effort by the U.S. Department of Justice, the Defense Criminal Investigative Service (DCIS), and Canadian law enforcement. He faces charges of aiding and abetting computer intrusion in the U.S., with a potential maximum sentence of 10 years.
Global Crackdown on DDoS Networks
This arrest is part of a larger operation authorized in March 2026, which targeted multiple IoT DDoS botnets, including Aisuru, JackSkid, and Mossad. Authorities seized command-and-control infrastructure and issued warrants against 45 DDoS-for-hire platforms, redirecting their domains to a law-enforcement page cautioning against DDoS activities.
Evidence linking Butler to KimWolf was collected from IP addresses, online accounts, payment records, and encrypted messaging logs. The operation involved extensive collaboration across technology, hosting, security, and networking sectors, which helped in identifying and dismantling the botnet infrastructure.
Currently, Butler is in custody in Canada while U.S. authorities seek his extradition. The U.S. Attorney’s Office for the District of Alaska, DCIS, and the FBI Anchorage Field Office are leading the case prosecution.
