Kimwolf Botnet Lurking in Corporate, Govt. Networks – Krebs on Security
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
Publish Date: 2026-01-20 14:46:00
Source Domain: krebsonsecurity.com
Kimwolf Botnet Impact Analysis
A formidable IoT botnet named Kimwolf has spread to over 2 million devices, forcing infected systems to take part in distributed denial-of-service (DDoS) attacks and to relay malicious Internet traffic, and posing a significant threat to both organizations and personal networks. The botnet exploits residential proxy services to gain control over devices linked to those services, then scans their local networks for additional vulnerable IoT devices to infect. Residential proxies, marketed for regional localization and anonymity, have been the primary vector through which Kimwolf has infiltrated networks of Android TV streaming boxes, which often lack proper security protocols. Affected devices appear prevalent in government and corporate networks, according to security firms. Despite efforts by affected proxy providers to mitigate the threat, Kimwolf’s infection numbers remain high, highlighting the need for better cybersecurity practices.
Key Points:
- Kimwolf botnet has compromised over 2 million devices, primarily through exploiting residential proxy services.
- The botnet targets devices including unsecured Android TV streaming boxes, which often come pre-installed with vulnerable proxy software.
- Infected devices have been found in government, academia, education, healthcare, and finance sectors globally.
- The botnet highlights the risks associated with unsecured devices within enterprise networks, potentially serving as a vector for broader internal compromises.
- Mitigation efforts by proxy providers have had limited success, underscoring the need for robust cybersecurity measures across networks.