The Rise of “Dort” and the Kimwolf Botnet: A New Era of Digital Warfare
In early January 2026, the cybersecurity world was shaken by revelations surrounding Kimwolf, now considered the world’s largest and most disruptive botnet. The individual controlling this formidable network, known only as “Dort,” has since become a central figure in a disturbing escalation of cybercrime. This isn’t simply about disrupting services; it’s a pattern of targeted harassment, doxing and even real-world threats, including a recent swatting incident.
Unmasking Dort: From Minecraft Hacker to Botnet Kingpin
The story of Dort begins, surprisingly, in the world of Minecraft. Dort gained notoriety for “Dortware,” software used to cheat within the game. This early hacking activity seemingly evolved into far more serious criminal endeavors. By March 2022, the identity “DortDev” was active within the LAPSUS$ cybercrime group, offering services like temporary email address registration and “Dortsolver,” a CAPTCHA bypass tool. These services were advertised on SIM Land, a Telegram channel associated with SIM-swapping and account takeover.
Early Online Footprints: CPacket, M1ce, and Jacob Butler
Tracing Dort’s online presence reveals a complex web of aliases. A 2020 “dox” identified Dort as a Canadian teenager (born August 2003) using the handles “CPacket” and “M1ce.” Investigations by OSINT Industries uncovered a GitHub account linked to both “Dort” and “CPacket,” registered in 2017 with the email address [email protected]. Intel 471’s research further connected this email to accounts on cybercrime forums Nulled (“Uubuntuu”) and Cracked (“Dorted”), originating from an internet address at Rogers Canada (99.241.112.24).
Crucially, the password used for [email protected] was also used for [email protected], an email address linked to Jacob Butler in Ottawa, Canada, and matching the birthdate in the 2020 dox. Further investigation revealed connections to Minecraft accounts using the name “M1CE” and shared passwords with accounts at the Ottawa-Carleton District School Board.
The Kimwolf Retaliation: A Dangerous Escalation
The current wave of attacks stems from research published by Benjamin Brundage, founder of Synthient, which exposed vulnerabilities in residential proxy services exploited by the Kimwolf botnet. Following the publication of this research, Dort retaliated by creating a Discord server targeting Brundage and others, publishing personal information and violent threats. This culminated in a swatting attempt against Brundage, with attackers falsely reporting an emergency to local police.
Dort and associates even released a diss track on SoundCloud, containing explicit threats and referencing a potential SWAT team visit. The track included language suggesting a desire for physical harm.
Jacob Butler’s Account: Claims of Impersonation
When contacted, Jacob Butler acknowledged creating a Minecraft cheat in the past but denied involvement in Dortsolver or any activity attributed to “Dort” after 2021. He claimed his accounts may have been compromised and that someone is impersonating him online. However, a recording of a 2022 coding competition reveals a voice remarkably similar to Butler’s, using language and threats consistent with Dort’s online persona. Butler now claims this voice was cloned.
The Future of Botnet Warfare and Digital Retaliation
The Kimwolf case highlights a disturbing trend: the increasing willingness of cybercriminals to cross the line from digital disruption to real-world harm. The speed with which vulnerabilities are weaponized, combined with the ease of launching sophisticated attacks, creates a volatile landscape. The use of botnets like Kimwolf, coupled with doxing and swatting, represents a significant escalation in cyber warfare.
The case also underscores the challenges of attribution in cybercrime. Tracing online identities and verifying claims of impersonation can be incredibly difficult, even for experienced investigators. The reliance on open-source intelligence (OSINT) is crucial, but requires careful analysis and corroboration.
FAQ
Q: What is Kimwolf?
A: Kimwolf is currently considered the world’s largest and most disruptive botnet, used for DDoS attacks, doxing, and other malicious activities.
Q: Who is Dort?
A: Dort is the individual believed to be controlling the Kimwolf botnet, with a history of online activity dating back to the Minecraft hacking scene.
Q: What is swatting?
A: Swatting is the act of falsely reporting an emergency to law enforcement, with the intent of dispatching a SWAT team to someone’s address.
Q: Is Jacob Butler definitely Dort?
A: While significant evidence links Jacob Butler to the Dort persona, Butler claims his accounts were compromised and denies recent involvement.
Did you know? The Kimwolf botnet’s disruptive potential stems from its ability to launch sustained, high-volume attacks across various network layers.
Pro Tip: Regularly update your software and use strong, unique passwords to protect your devices from being compromised and added to botnets.
This case serves as a stark reminder of the evolving threats in the digital world. Stay informed, practice good cybersecurity hygiene, and report any suspicious activity to the appropriate authorities.
Explore further: Read KrebsOnSecurity’s original reporting on the Kimwolf botnet.
