
Canadian Jacob Butler, 23, arrested for running the Kimwolf botnet; US seeks extradition on federal hacking charges.
Jacob Butler, 23, a Canadian national, was arrested in Canada for allegedly operating the Kimwolf botnet (a network of infected machines controlled remotely). US authorities have formally requested extradition on federal computer hacking charges. Public technical details about Kimwolf's scale, capabilities, or victim count are not yet available.
Botnet operator arrests are rare. When they happen, they signal that the investigating agency — almost certainly the FBI or DOJ — had enough visibility into the infrastructure to unmask the human behind it. That typically requires C2 (command-and-control server — the brain of the botnet) traffic analysis, ISP cooperation, or direct infiltration of the operator's systems.
Kimwolf is not widely documented in public threat intelligence sources, which makes this case notable: low-profile botnets are often the ones that have been running the longest under the radar. When the indictment is unsealed, it will contain actionable IOCs (technical fingerprints that expose attack infrastructure). DOJ indictments are consistently the richest source of concrete C2 infrastructure details.
This follows the classic law enforcement botnet playbook: quiet arrest, slow extradition, IOC release with the indictment. Mine the court document the moment it goes public.
Help more people discover BBLabs News.
Want to get news like this every day?
Browse all articles