Skip to main content
List Directory
  • News
  • World
  • Business
  • Entertainment
  • Sports
  • Tech and Science
  • Health
Menu
  • News
  • World
  • Business
  • Entertainment
  • Sports
  • Tech and Science
  • Health
Kimwolf Botnet Operator “Dort” Identified: A Deep Dive

Kimwolf Botnet Operator “Dort” Identified: A Deep Dive

March 3, 2026 Sarah Wu - Tech Editor Tech and Science

The individual controlling Kimwolf, the world’s largest and most disruptive botnet, operates under the handle “Dort.” Recent activity attributed to Dort includes a sustained campaign of harassment and threats against a security researcher who initially disclosed a vulnerability exploited in the botnet’s creation. This campaign escalated to include a swatting attempt targeting the researcher’s home, prompting a deeper investigation into Dort’s identity and online history.

Tracing Dort’s Digital Footprint

Initial investigations, dating back to 2020, suggested Dort was a Canadian teenager, born in August 2003, using aliases such as “CPacket” and “M1ce.” Further OSINT (Open Source Intelligence) analysis revealed a GitHub account linked to both “Dort” and “CPacket,” created in 2017 and associated with the email address [email protected]. This email address, according to cyber intelligence firm Intel 471, was used between 2015 and 2019 to register accounts on several cybercrime forums, including Nulled (username “Uubuntuu”) and Cracked (username “Dorted”). Both accounts originated from the same IP address belonging to Rogers Canada (99.241.112.24).

Dort’s online activity extends beyond cybercrime forums. They were a prominent figure in the Microsoft game Minecraft, gaining notoriety for “Dortware,” a software program designed to assist players in cheating. This early foray into hacking appears to have served as a stepping stone to more serious criminal endeavors. By March 2022, Dort was using the alias “DortDev” and participating in the chat server for LAPSUS$, a prolific cybercrime group. During this period, Dort offered services for registering temporary email addresses and “Dortsolver,” a tool designed to bypass CAPTCHA services – automated challenges intended to prevent bot activity. These services were advertised on SIM Land, a Telegram channel focused on SIM-swapping and account takeover, as reported by KrebsOnSecurity.

Collaboration and Financial Gain

Flashpoint, a cyber intelligence firm, indexed posts from 2022 on SIM Land indicating Dort collaborated with another hacker known as “Qoft.” Qoft stated they were exclusive business partners with Dort, and boasted about generating over $250,000 through the theft of Microsoft Xbox Game Pass accounts. This was achieved by developing a program that created fraudulent Game Pass identities using stolen payment card data.

Further investigation by Constella Intelligence revealed a connection between Dort and Jacob Butler. The password associated with [email protected] was likewise used for [email protected]. DomainTools.com records indicate this email address was used in 2015 to register Minecraft-themed domains linked to a Jacob Butler in Ottawa, Canada, and a specific phone number (613-909-9727). Constella Intelligence also found that this email address was used to create accounts on the hacker forum Nulled in 2016 and on Minecraft under the username “M1CE.” The password used for the Nulled account was also linked to [email protected] and [email protected], an email address associated with the Ottawa-Carelton District School Board.

The Kimwolf Botnet and Retaliation

The current wave of attacks attributed to Dort began after KrebsOnSecurity published an article in early January 2026, detailing research by Benjamin Brundage, founder of the proxy tracking service Synthient. Brundage discovered that Kimwolf botmasters were exploiting vulnerabilities in residential proxy services to infect vulnerable devices – such as TV boxes and digital photo frames – connected to private networks. This research led to the remediation of these vulnerabilities, significantly hindering Kimwolf’s spread. In response, Dort created a Discord server impersonating KrebsOnSecurity and began publishing personal information and violent threats against Brundage and others.

The harassment escalated to a reported swatting attempt against Brundage, with police visiting his home following threats posted on the Discord server. Dort and associates also posted a diss track on Soundcloud, containing explicit threats and referencing a potential swatting attack. The track, recorded under the alias DortDev, included lyrics referencing the cost of a recent front door and the consequences of not having one.

Conflicting Accounts and Ongoing Investigation

KrebsOnSecurity contacted Jacob Butler, who acknowledged creating a Minecraft cheat in the past but denied involvement in Dortsolver or any activity associated with the Dort alias after 2021. Butler claimed his accounts may have been compromised and that someone is impersonating him online. He also stated he had largely disconnected from online activity after experiencing multiple swatting incidents himself. Though, a recording of a 2022 Clash of Code competition reveals a voice remarkably similar to Butler’s, using profanity and threats consistent with Dort’s online persona. Butler suggested the voice may be a cloned imitation.

Voice Cloning and Impersonation

Butler’s claim of voice cloning is not implausible. Advances in artificial intelligence have made it increasingly easy to replicate voices with alarming accuracy. While the authenticity of the voice in the Clash of Code recording remains unconfirmed, it raises questions about the extent to which Dort’s online activities may be attributed to others or masked by sophisticated impersonation techniques.

The investigation into Dort’s identity and activities is ongoing. The escalation of tactics, from DDoS attacks and doxing to swatting attempts, highlights the serious risks posed by the Kimwolf botnet and its operator. The remediation of vulnerabilities in proxy services has demonstrably slowed Kimwolf’s spread, but the botnet remains a significant threat.

Further analysis of Dort’s online activity, coupled with law enforcement efforts, will be crucial in identifying and holding accountable those responsible for these malicious attacks. The case also underscores the need for increased security awareness among individuals and organizations to protect against botnet infections and online harassment. You can find more information about the Kimwolf botnet and related security threats on KrebsOnSecurity.

Recent Posts

  • Madison Keys vs. Hanne Vandewinkel Live: French Open 2026 TV Schedule and Streaming Guide
  • Our Strict Quality Control Process for Returned Clothing
  • German Business Sentiment Shows Slight Recovery in May According to Ifo Index
  • The 2-week supplement to avoid travel tummy trouble – plus blood clots worries – The Irish Sun
  • Ukraine Achieves Major Battlefield Successes as Russian Casualties Mount

Recent Comments

No comments to show.
List Directory

List-Directory is a comprehensive directory of businesses and services across the United States. Find what you need, when you need it.

Quick Links

  • Home
  • Privacy Policy
  • Terms of Service

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

Connect With Us

Official social links will appear here when available.

List-directory.com
For contact, advertising, copyright, issues email: [email protected]

Privacy Policy Terms of Service