Kimwolf Botmaster “Dort” Exposed: New Intel on DDoS & Mining Infrastructure
Krebs on Security has identified the individual behind the alias “Dort,” the chief architect of the Kimwolf botnet. Dort coordinated the deployment of malicious loaders that hijack IoT devices, Windows workstations, and cloud instances, turning them into a hybrid network capable of launching massive DDoS floods and running illicit cryptocurrency miners. The investigation uncovered command‑and‑control (C2) servers, custom encryption routines, and a modular payload pipeline that evades many traditional detection tools.
The Kimwolf botnet continues to generate multi‑gigabit attacks against high‑profile targets while siphoning compute cycles for profit, causing service outages and increasing the attack surface for downstream victims. Defenders should prioritize hunting for the specific loader signatures, block known C2 IP ranges, and enforce strict network segmentation to limit lateral movement. Updating firmware on IoT devices and applying endpoint detection and response (EDR) rules that flag abnormal mining processes are essential steps to disrupt Dort’s infrastructure and reduce the botnet’s operational lifespan.
Categories: Threat Intelligence, Malware & Ransomware