This is a developing event and has been generated by AI. Details may change as more information becomes available and human review is completed.
US and Canada Arrest Suspected KimWolf DDoS Botnet Administrator
Impact Assessment Rationale
A botnet of nearly two million devices represents a significant DDoS-for-hire or attack infrastructure with broad potential victims globally; however, the arrest and likely disruption of the botnet limits ongoing insured losses, and the article does not detail specific large-scale insured loss events triggered by the botnet.
View assessment methodology βLoading map...
Geographic Zone Matches
1 active match
- TRIA Certified AreasRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Summary
US and Canadian authorities have arrested and charged a Canadian national with operating the KimWolf DDoS botnet, which reportedly infected nearly two million devices worldwide. The arrest represents a joint law enforcement action targeting the administrator of a large-scale distributed denial-of-service infrastructure. The botnet posed significant threat to organisations reliant on internet-facing services and critical infrastructure.
This summary is AI-generated from linked source reports and may change as more information becomes available. See our correction policy for how to report errors.
Structured Intelligence
known
- A Canadian man has been arrested and charged by US and Canadian authorities
- The suspect is accused of operating the KimWolf DDoS botnet
- The botnet infected nearly two million devices worldwide
- The operation was a joint US-Canada law enforcement action
reported
- The botnet was used to conduct distributed denial-of-service attacks
- The scale of infections suggests a globally significant threat actor
uncertain
- The full scope of victims and targets of the KimWolf botnet is not specified in the article
- Whether the botnet infrastructure has been fully dismantled is unclear
- The extent of any critical infrastructure targeting is unconfirmed
Affected Countries
Key Entities
Sources
Trade Media
- BleepingComputer22 May 2026, 09:28
- The Record (Cyber)22 May 2026, 15:44
Timeline
Status changed to developing
Auto-promoted: multiple sources
Corroborating source
Jacob Butler, a 23-year-old Canadian, was arrested in Ottawa on an extradition warrant filed by the U.S. Justice Department for operating the KimWolf botnet, one of the world's largest DDoS-for-hire platforms. KimWolf infected over one million devices globally and was responsible for DDoS attacks measured at nearly 30 terabits per second, including attacks targeting U.S. Department of Defense IP addresses. The botnet was dismantled in March 2026 as part of an international law enforcement operation involving the U.S., Canada, and Germany. Financial losses to victims exceeded one million dollars in some cases, with over 25,000 attack commands issued.
"KimWolf was tied to DDoS attacks which were measured at nearly 30 Terabits per second, a record in recorded DDoS attack volume. These attacks resulted in financial losses which, for some victims, exceeded one million dollars. The KimWolf botnet is alleged to have issued over 25,000 attack commands."
Source: The Record (Cyber) (Trade Media) Β· View source
Initial Detection
US and Canadian authorities have arrested and charged a Canadian national with operating the KimWolf DDoS botnet, which reportedly infected nearly two million devices worldwide. The arrest represents a joint law enforcement action targeting the administrator of a large-scale distributed denial-of-service infrastructure. The botnet posed significant threat to organisations reliant on internet-facing services and critical infrastructure.
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide.
Source: BleepingComputer (Trade Media) Β· View source