
The U.S. Department of Justice (DoJ) announced Thursday that it has arrested a Canadian man suspected of operating a distributed denial of service (DDoS) botnet known as Kimwolf.
The man, Jacob Butler (also known as Dort), 23, of Ottawa, Canada, was also charged with crimes related to the development and operation of the botnet. Kimwolf is considered to be a variant of AISURU.
“Kimwolf targeted infected devices that were traditionally ‘firewalled’ from the rest of the internet, such as digital photo frames and webcams,” the Justice Department said. “Infected devices were enslaved by botnet operators.”
“The operator then used a ‘cybercrime-as-a-service’ model to sell access to the infected devices to other cybercriminals. The operator and its customers engaged victims’ devices in DDoS attacks, targeting computers and servers located around the world, including Department of Defense Information Network (DoDIN) IP addresses.”
Court documents show Butler was involved in managing the Kimwolf botnet through IP addresses, online account information, and Discord message records posted by an account called resi[.]to.
That Butler was behind the Kimwolf botnet was first revealed by independent security journalist Brian Krebs in early February of this year. At the time, the defendant claimed that he had not used the “Dort” persona since 2021 and that other parties were impersonating him after compromising his old account.
The charges come just two months after U.S. authorities, in cooperation with Canada and Germany, disrupted command and control (C2) infrastructure associated with Kimwolf, AISURU, Jack Skid, and Mossad as part of a court-authorized law enforcement operation.
According to the Department of Justice, Kimwolf is estimated to have issued more than 25,000 attack commands. Before the takedown, the AISURU/Kimwolf botnet was believed to be responsible for some of the record-setting DDoS attacks, flooding targets with junk traffic reaching 31.4 terabits per second (Tbps) at its peak.
In addition to Butler’s arrest, seizure warrants targeting online services supporting 45 DDoS-for-hire platforms were released, allowing law enforcement to dismantle the services. One of the platforms is said to have collaborated with Kimwolf.
Butler is charged with one count of aiding and abetting computer intrusion. If convicted, he could face up to 10 years in prison.
