The Kimwolf botnet, operated by Jacob Butler, was an Android-focused IoT botnet that leveraged residential proxy networks to control roughly 2 million devices and conduct massive DDoS attacks, including one peaking at 31.4 Tbps. Butler was arrested in Canada and charged in the US with aiding and abetting computer intrusion. The botnet was disrupted by law enforcement in March 2026 alongside other IoT botnets. The US and Canadian authorities coordinated to target botnet administrators and infrastructure, including seizure of online services supporting DDoS-for-hire platforms. Butler's arrest and charges are part of these coordinated enforcement actions.

The Kimwolf botnet enabled large-scale distributed denial-of-service attacks, disrupting targeted online services and networks. The botnet's control of approximately 2 million IoT devices and use of residential proxy networks significantly amplified attack capacity, culminating in a record-breaking 31.4 Tbps DDoS attack. The arrest of the operator and disruption of the botnet reduce the threat posed by this infrastructure. The legal actions against Butler and related platforms aim to deter similar cybercriminal activities.

Law enforcement has disrupted the Kimwolf botnet and arrested its alleged operator, Jacob Butler. These actions have effectively mitigated the threat posed by this botnet. Organizations should remain aware of ongoing threats from IoT botnets and monitor official advisories for updates. No direct patch or remediation is applicable to this law enforcement action. Continued cooperation with authorities and monitoring of DDoS threats is recommended.