Canadian Man Arrested for Operating KimWolf Botnet
A Canadian man, identified as 23-year-old Jacob Butler, has been arrested by U.S. and Canadian authorities for his alleged involvement in operating the KimWolf distributed denial-of-service (DDoS) botnet. The botnet, which infected nearly two million devices globally, was used for launching massive cyber attacks.
Butler, also known as “Dort” in online circles, was apprehended in Ottawa by Canadian authorities following an extradition warrant. The arrest was based on substantial evidence linking Butler to the KimWolf botnet, including IP addresses, online account information, transaction records, and online messaging records.
Charged with aiding and abetting computer intrusions, Butler faces a maximum sentence of 10 years in prison upon extradition to the U.S. The KimWolf botnet operated as a DDoS-for-hire service, enabling cybercriminals to launch attacks of unprecedented scale, reaching up to 30 terabits per second.
Through a cybercrime-as-a-service model, Butler facilitated access to a vast network of compromised devices, ranging from digital photo frames to Android-based TV boxes. The botnet was utilized in over 25,000 attacks worldwide, targeting both computers and servers, including Department of Defense Information Network IP addresses.
Researchers at cybersecurity firm Synthient revealed that KimWolf grew to almost 2 million infected devices by exploiting vulnerabilities in residential proxy networks. The botnet generated around 12 million unique IP addresses weekly, showcasing its extensive reach and impact.
[Image: Kimwolf infections heatmap (Synthient)]
In a coordinated effort, the Central District of California executed seizure warrants against 45 DDoS-for-hire platforms, disrupting multiple DDoS operations, including those associated with the KimWolf botnet. These actions aimed to curb the proliferation of DDoS attacks and raise awareness about their illegality.
The arrest of Butler follows an international operation in March 2026, where authorities seized command-and-control infrastructure linked to KimWolf and three other botnets (Aisuru, JackSkid, and Mossad). These botnets collectively infected over 3 million IoT devices, posing a significant threat to global cybersecurity.
The U.S. Justice Department emphasized the severity of the situation, noting that the botnets targeted a wide range of IoT devices, such as web cameras, digital video recorders, and Wi-Fi routers, with a substantial number located in the United States.