Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada

Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada

https://cyberscoop.com/kimwolf-botnet-alleged-administrator-jacob-butler-arrested-canada/

Publish Date: 2026-05-21 19:24:39

Source Domain: cyberscoop.com

Authorities recently arrested Canadian man Jacob Butler, accused of managing the dreaded Kimwolf DDoS botnet, one that stands out as one of the most extensive in cyber history. The arrest marks a significant move in dismantling the botnet that hijacked over 2 million Android TV devices, leveraging residential-proxy networks for its illicit endeavors. Authorities seized numerous botnet infrastructures tied to Kimwolf and associated botnets and took control over three million devices previously linked to over 300,000 distributed denial of service attacks, causing financial and network damage amounting to millions.

Investigators discovered evidence linking Butler to Kimwolf through a series of digital footprints, including using an overlapping IP address linked to Kimwolf’s backend servers. Despite the takedown efforts in March, the botnet has resurfaced, highlighting a pressing issue: a large number of insecure IoT devices remain vulnerable. Security expert Zach Edwards of Infoblox stresses the persistent issue of unsecured networks and warns that without addressing the root vulnerabilities, cybercriminals will keep adapting, indicating that the battle against such threats will be ongoing.

Key Points:
– Canadian man Jacob Butler arrested for managing Kimwolf DDoS botnet.
– Kimwolf infected over 2 million Android TV devices and launched over 25,000 attacks.
– Botnets associated with Kimwolf targeted over 3 million devices, causing millions in damage.
– Despite takedown efforts, the botnet continues to operate.
– Security lapses and insecure IoT devices represent ongoing threats.