Alleged Kimwolf IoT botmaster 'Dort' arrested in Ottawa, charged in US and Canada - swatting attacks against researchers cited
Krebs on Security reports that Jacob Butler, the 18-year-old Ottawa resident allegedly known online as 'Dort,' has been arrested and charged in both the US and Canada with running the Kimwolf IoT botnet. KrebsOnSecurity unmasked Butler as the operator on February 28 by tying together his email addresses, forum registrations, and public Telegram and Discord posts. Dort later threatened and swatted researchers including Synthient's Ben Brundage. Ontario Provincial Police executed a search warrant in Ottawa on March 19 and seized devices. Kimwolf competed with Aisuru, JackSkid, and Mossad for the same vulnerable-IoT population. Butler faces up to 10 years if extradited and convicted in the US.
- Check: Search EDR and netflow telemetry for outbound connections from IoT devices to known Kimwolf, Aisuru, JackSkid, and Mossad C2 sets. Inventory unpatched IoT devices on residential and SMB networks.
- Affected: IoT devices - mostly routers, NVRs, and consumer IP cameras - vulnerable to the unpatched flaws Kimwolf was using to spread. Synthient helped patch the underlying weakness earlier this year.
- Fix: Update firmware on all IoT and network-edge devices and disable WAN-side admin interfaces. Block known Kimwolf C2 ranges. Monitor for the lateral spread patterns documented by Synthient.
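
The netflow check above, as an added example (not code from Krebs on Security or Synthient): a Python script that matches flow records against per-family C2 ranges and labels each hit with the device type from an inventory. The C2 ranges, the inventory, and the flow column layout are constructed placeholders; real ranges come from your own threat-intel feed.

```python
import csv
import io
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space), NOT real C2 indicators.
# Replace with the C2 sets from your threat-intel feed.
C2_SETS = {
    "Kimwolf": ["192.0.2.0/25"],
    "Aisuru": ["192.0.2.128/25"],
    "JackSkid": ["198.51.100.0/24"],
    "Mossad": ["203.0.113.0/24"],
}
# Constructed IoT inventory: internal address -> device type.
IOT_INVENTORY = {"10.0.20.11": "router", "10.0.20.12": "nvr", "10.0.20.13": "ip-camera"}
# Constructed flow export (hypothetical column layout).
SAMPLE_FLOWS = """ts,src,dst,dport,bytes
2025-01-01T00:00:01Z,10.0.20.12,192.0.2.10,443,1840
2025-01-01T00:00:02Z,10.0.20.12,192.0.2.10,443,920
2025-01-01T00:00:03Z,10.0.20.13,203.0.113.77,8080,300
2025-01-01T00:00:04Z,10.0.20.11,10.0.20.1,53,120
2025-01-01T00:00:05Z,10.0.30.40,198.51.100.9,23,64
2025-01-01T00:00:06Z,10.0.20.11,not-an-ip,0,0
2025-01-01T00:00:07Z,10.0.20.13,192.0.2.200,443,500
"""

def find_c2_flows(flow_csv, inventory, c2_sets):
    """Return {(src, family): {...}} for flows whose destination is in a C2 set."""
    nets = [(fam, ipaddress.ip_network(c)) for fam, cidrs in c2_sets.items() for c in cidrs]
    hits = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            dst = ipaddress.ip_address(row["dst"])
            size = int(row["bytes"])
        except (ValueError, TypeError):
            continue  # skip malformed records rather than abort the hunt
        family = next((fam for fam, net in nets if dst in net), None)
        if family is None:
            continue
        # Sources missing from the inventory are reported too: they are inventory gaps.
        entry = hits.setdefault((row["src"], family), {
            "device": inventory.get(row["src"], "uninventoried"), "flows": 0, "bytes": 0})
        entry["flows"] += 1
        entry["bytes"] += size
    return hits

if __name__ == "__main__":
    for (src, family), info in sorted(find_c2_flows(SAMPLE_FLOWS, IOT_INVENTORY, C2_SETS).items()):
        print(f"{src} ({info['device']}) -> {family} C2 set: {info['flows']} flows, {info['bytes']} bytes")
```

Hits tagged "uninventoried" are sources that reached a C2 range but are absent from the device inventory, which feeds the inventory task in the same Check step.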