Kimwolf Botnet Grows: Dort Exploits Proxies and I2P for Stealthy C2

The Kimwolf botnet, now led by the elusive operator known as “Dort,” has surged in size and sophistication. Researchers observed that the botnet is increasingly hijacking public web proxies and routing its command‑and‑control traffic through the I2P anonymity network, making its infrastructure hard to trace. This proxy‑abuse chain not only masks the origin of malicious traffic but also provides a resilient backbone for deploying new infected hosts across multiple regions.

The expansion translates into more spam, credential‑stealing campaigns, and amplified DDoS capability for adversaries targeting enterprises and critical services. Defenders must prioritize detection of proxy misuse, monitor I2P traffic anomalies, and update signatures to flag Kimwolf’s evolving payloads. Early identification of these stealth channels can disrupt the botnet’s growth and reduce its impact on organizational networks.

Categories: Threat Intelligence, Malware & Ransomware