Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU that specifically

According to the report, U.S. and Canadian authorities arrested Jacob Butler (aka "Dort"), a 23-year-old from Ottawa, for allegedly developing and operating the Kimwolf DDoS botnet, a DDoS-for-hire service built on compromised Android and IoT devices, including those on the U.S. Department of Defense Information Network.[1][2][3][4] Kimwolf, a variant of AISURU, reportedly infected over a million devices and launched more than 25,000 DDoS attacks, with peak volumes around 30 Tbps and individual victim losses exceeding $1 million.[1][2][3][4] From a CyberSE.AI perspective, this illustrates how automation-as-a-service models can be weaponized at scale and foreshadows similar "attack-as-a-service" ecosystems that may increasingly integrate AI-driven targeting, evasion, and orchestration. Continuous AI Red Teaming can help organizations simulate such large-scale, automated abuse scenarios against their AI-enabled infrastructure and services, validate detection/response playbooks, and harden internet-facing models and agents before they are targeted by similar criminal service offerings.