Botmaster “Dort” Uses Kimwolf Botnet for DDoS, Doxing, and Email‑Flood Campaigns
What Happened – The individual known as “Dort” (aliases CPacket, M1ce, DortDev) controls the Kimwolf botnet, the world’s largest DDoS‑capable network. Since January 2026 Dort has launched coordinated DDoS attacks, large‑scale doxing, and email‑flooding campaigns against security researchers and journalists, even prompting a SWAT response.
Why It Matters for TPRM –
- Botnet operators can weaponize compromised third‑party assets, creating downstream service disruptions for vendors.
- Doxing of vendor personnel can lead to social‑engineering attacks against supply‑chain partners.
- Email‑flooding can overwhelm incident‑response channels, delaying remediation for client organizations.
Who Is Affected – Technology‑SaaS providers, cloud‑hosting services, MSPs, and any organization that relies on internet‑facing infrastructure.
Recommended Actions –
- Verify that any third‑party services you consume are protected against large‑scale DDoS (e.g., scrubbing services, rate‑limiting).
- Review employee exposure: enforce strict personal‑information handling policies and monitor for credential reuse.
- Harden email gateways and implement anti‑spam/anti‑phishing controls to mitigate flooding attacks.
Technical Notes – Dort’s activity stems from a long‑standing GitHub account (jay.miner232@gmail.com) linked to multiple cyber‑crime forum registrations from a Rogers Canada IP (99.241.112.24). The botnet is leveraged for DDoS, while “Dortsolver” provides CAPTCHA‑bypass code and disposable‑email services sold on Telegram’s SIM‑Land channel. No public CVE is associated, but the threat actor demonstrates a clear capability to weaponize compromised devices at scale. Source: Krebs on Security