{"id":187728,"date":"2026-02-16T03:35:06","date_gmt":"2026-02-16T08:35:06","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/16\/who-benefited-from-the-aisuru-and-kimwolf-botnets-krebs-on-security\/"},"modified":"2026-02-16T03:35:08","modified_gmt":"2026-02-16T08:35:08","slug":"who-benefited-from-the-aisuru-and-kimwolf-botnets-krebs-on-security","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/16\/who-benefited-from-the-aisuru-and-kimwolf-botnets-krebs-on-security\/","title":{"rendered":"Who Benefited from the Aisuru and Kimwolf Botnets? \u2013 Krebs on Security"},"content":{"rendered":"<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/\">Who Benefited from the Aisuru and Kimwolf Botnets? \u2013 Krebs on Security<\/a><\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/\">https:\/\/krebsonsecurity.com\/2026\/01\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-09 03:46:05<\/a><\/p>\n<p>Source Domain: <a href=\"krebsonsecurity.com\">krebsonsecurity.com<\/a><\/p>\n<p>A potent new botnet called Kimwolf that has compromised over two million devices, chiefly targeting unauthorized Android TV streaming boxes, has been scrutinized for generating malicious Internet traffic and DDoS attacks. Discovered in December 2025, Kimwolf forces these devices to become part of larger botnets and relays illicit activity for residential proxy services that inflate ad revenue and facilitate account takeovers. The botnet&#8217;s origins link to earlier versions and infrastructure utilized by a cybercriminal network tied to services operated by the Lehi, Utah-based Resi Rack LLC. Resi Rack was found to be hosting the botnet&#8217;s activity, causing them to receive immediate action for misuse of their infrastructure. The botnet is controlled by individuals identified as &#8220;Dort&#8221; and &#8220;Snow,&#8221; and is associated with entities like ByteConnect through Plainproxies and Maskify, which allegedly sell ethically questionable proxies. Following media coverage, the bot masters retaliated by doxing and DDoS-attacking those involved in exposing Kimwolf, employing Ethereum Name Service&#8217;s decentralized nature to evade takedowns.<\/p>\n<p>Key Points:<\/p>\n<p>&#8211; Kimwolf botnet compromises more than two million Android TV streaming boxes, used in DDoS attacks and illicit proxy services.<br \/>\n&#8211; The botnet\u2019s infrastructure has connections to Resi Rack LLC, which expressed disapproval at the misuse of their servers.<br \/>\n&#8211; Botnet operators are linked to individuals identified as &#8220;Dort&#8221; and &#8220;Snow,&#8221; who control botnets like Kimwolf and Aisuru.<br \/>\n&#8211; Associated entities include ByteConnect, Plainproxies, and Maskify, which sell dubious proxies and engage in cybercriminal activities.<br \/>\n&#8211; The botmasters have retaliated against scrutiny with personal doxing and attacks on those exposed by the botnet.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Who Benefited from the Aisuru and Kimwolf Botnets? \u2013 Krebs on Security https:\/\/krebsonsecurity.com\/2026\/01\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":187729,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/XLab-resito.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-187728","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187728"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=187728"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187728\/revisions"}],"predecessor-version":[{"id":187730,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187728\/revisions\/187730"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/187729"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=187728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=187728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=187728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}