{"id":218402,"date":"2026-02-28T07:03:00","date_gmt":"2026-02-28T12:03:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/28\/who-is-the-kimwolf-botmaster-dort-krebs-on-security\/"},"modified":"2026-02-28T08:00:13","modified_gmt":"2026-02-28T13:00:13","slug":"who-is-the-kimwolf-botmaster-dort-krebs-on-security","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/28\/who-is-the-kimwolf-botmaster-dort-krebs-on-security\/","title":{"rendered":"Who is the Kimwolf Botmaster \u201cDort\u201d? \u2013 Krebs on Security"},"content":{"rendered":"<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/02\/who-is-the-kimwolf-botmaster-dort\/\">Who is the Kimwolf Botmaster \u201cDort\u201d? \u2013 Krebs on Security<\/a><\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/02\/who-is-the-kimwolf-botmaster-dort\/\">https:\/\/krebsonsecurity.com\/2026\/02\/who-is-the-kimwolf-botmaster-dort\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-28 07:03:00<\/a><\/p>\n<p>Source Domain: <a href=\"krebsonsecurity.com\">krebsonsecurity.com<\/a><\/p>\n<p>In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build <strong>Kimwolf<\/strong>, the world\u2019s largest and most disruptive botnet. Since then, the person in control of Kimwolf \u2014 who goes by the handle \u201c<strong>Dort<\/strong>\u201d \u2014 has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher\u2019s home. This post examines what is knowable about Dort based on public information.<\/p>\n<p>A public \u201cdox\u201d created in 2020 asserted Dort was a teenager from Canada (DOB August 2003) who used the aliases \u201c<strong>CPacket<\/strong>\u201d and \u201c<strong>M1ce<\/strong>.\u201d A search on the username CPacket at the open source intelligence platform <strong>OSINT Industries<\/strong> finds a <strong>GitHub<\/strong> account under the names Dort and CPacket that was created in 2017 using the email address <strong>jay.miner232@gmail.com<\/strong>.<\/p>\n<p id=\"caption-attachment-73247\" class=\"wp-caption-text\">Image: osint.industries.<\/p>\n<p>The cyber intelligence firm <strong>Intel 471<\/strong> says jay.miner232@gmail.com was used between 2015 and 2019 to create accounts at multiple cybercrime forums, including <strong>Nulled<\/strong> (username \u201cUubuntuu\u201d) and <strong>Cracked <\/strong>(user \u201cDorted\u201d); Intel 471 reports that both of these accounts were created from the same Internet address at Rogers Canada (99.241.112.24).<\/p>\n<p>Dort was an extremely active player in the Microsoft game <strong>Minecraft<\/strong> who gained notoriety for their \u201c<strong>Dortware<\/strong>\u201d software that helped players cheat. But somewhere along the way, Dort graduated from hacking Minecraft games to enabling far more serious crimes.<\/p>\n<p>Dort also used the nickname <strong>DortDev<\/strong>, an identity that was active in March 2022 on the chat server for the prolific cybercrime group known as LAPSUS$. Dort peddled a service for registering temporary email addresses, as well as \u201cDortsolver,\u201d code that could bypass various CAPTCHA services designed to prevent automated account abuse. Both of these offerings were advertised in 2022 on <strong>SIM Land<\/strong>, a Telegram channel&#8230;<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/02\/who-is-the-kimwolf-botmaster-dort\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Who is the Kimwolf Botmaster \u201cDort\u201d? \u2013 Krebs on Security https:\/\/krebsonsecurity.com\/2026\/02\/who-is-the-kimwolf-botmaster-dort\/ Publish Date: 2026-02-28 07:03:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":218403,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/02\/cpacket-discord.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-218402","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/218402"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=218402"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/218402\/revisions"}],"predecessor-version":[{"id":218404,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/218402\/revisions\/218404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/218403"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=218402"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=218402"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=218402"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}