Canadian law enforcement officials have taken a 23-year-old man into custody for his alleged role in running a large-scale botnet operation.
The suspect, identified as Jacob Butler also known online by the alias “Dort” is believed to have played a key role in creating and managing the KimWolf botnet, a notorious distributed denial-of-service (DDoS)-for-hire platform.
This botnet is reported to have compromised over one million internet-connected devices across the globe, including webcams, digital photo frames, and other Internet of Things (IoT) devices. Once these devices were infected, the operators reportedly monetized the network by offering access to other cybercriminals through a “cybercrime-as-a-service” model.
According to the U.S. Department of Justice, the botnet was responsible for extremely powerful attacks, with traffic volumes reaching as high as 30 terabits per second considered a record-breaking scale for DDoS activity. Authorities also stated that the KimWolf network carried out more than 25,000 attack commands before its command-and-control (C2) infrastructure was dismantled by law enforcement in March.
Investigators were able to link Butler to the operation by analyzing various forms of digital evidence, including IP address data, account registrations, financial transactions, and communications from online chat platforms.
In parallel, U.S. authorities disrupted several DDoS-for-hire services associated with the KimWolf botnet. Visitors attempting to access these platforms are now redirected to warning pages highlighting the illegality of such services.
Butler has been charged with aiding and abetting unauthorized computer intrusion. If convicted, he faces a potential prison sentence of up to 10 years. His arrest is part of a larger international enforcement effort launched in March targeting multiple IoT-based botnets, including KimWolf, AISURU, JackSkid, and Mossad. This coordinated crackdown involved agencies from Canada, Germany, and the United States, along with support from private cybersecurity organizations.
Earlier in February, cybersecurity journalist Brian Krebs publicly identified Butler as the suspected operator behind KimWolf after reviewing digital footprints such as email accounts, forum activity, and posts on platforms like Telegram and Discord.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
