### Arrest and Charges The U.S. Department of Justice (DoJ) announced the arrest of **Jacob Butler** (aka Dort), 23, from Ottawa, Canada, on charges related to the development and operation of the **Kimwolf** botnet. According to the DoJ, **Kimwolf** specifically targeted devices like digital photo frames and web cameras that were traditionally firewalled from the internet, enslaving them into the botnet. The operators then allegedly sold access to these infected devices, enabling other cybercriminals to launch DDoS attacks against various targets, including the **Department of Defense Information Network (DoDIN)** IP addresses. ### Botnet Details and Investigation Court documents link **Butler** to the administration of the **Kimwolf** botnet through IP addresses, online account information, and Discord message records associated with the account resi[.]to. Independent security journalist **Brian Krebs** initially exposed **Butler's** involvement in February. ### International Cooperation and Takedown The arrest follows a coordinated effort between U.S., Canadian, and German authorities who disrupted the command-and-control (C2) infrastructure of **Kimwolf**, **AISURU**, **JackSkid**, and **Mossad** two months prior. This operation aimed to dismantle the botnet's capabilities. The **Kimwolf** botnet is estimated to have launched over 25,000 attack commands. The **AISURU/Kimwolf** botnets were responsible for some of the largest DDoS attacks recorded, reaching peaks of 31.4 Terabits per second (Tbps). ### Dismantling DDoS-for-Hire Platforms In addition to **Butler's** arrest, seizure warrants have been unsealed targeting online services that supported 45 DDoS-for-hire platforms, including one that collaborated with **Kimwolf**. This action aims to further disrupt the DDoS ecosystem. **Butler** faces one count of aiding and abetting computer intrusion, carrying a potential sentence of up to 10 years in prison if convicted.