Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

Source: The Hacker News — 22 May 2026

What we are tracking

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU. "Kimwolf

RingSafe analysis

Kimwolf is one of several AISURU variants that hit Indian Layer-7 targets through 2025–26: fintech APIs, real-money gaming sites, and travel platforms adjacent to IRCTC’s ticketing window. Arrest of the operator disrupts pricing and customer support for the booter service, but the infection base of compromised IoT routers and the source code itself remain — expect rebranded variants within weeks. For Indian RBI-regulated entities the DDoS mitigation control is already mandated under Annex II of the RBI Cyber Security Framework; for entities outside that scope, the right action this month is a quarterly DDoS readiness drill against an 800 Gbps Layer-7 simulated burst, plus contract review with your CDN provider to confirm application-layer protection (not just volumetric L3/L4). MITRE ATT&CK T1498 and T1499. Treat this arrest as a window to test, not a reason to relax.

Read the original report

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks → at The Hacker News