Unmasking 'Dort': The Kimwolf Botmaster Behind Global DDoS & SWATting Campaigns

In early January 2026, KrebsOnSecurity detailed how a disclosed vulnerability was exploited to build Kimwolf, the world's largest and most disruptive botnet. The individual controlling Kimwolf, using the handle 'Dort,' has since coordinated a sustained campaign of distributed denial-of-service (DDoS) attacks, doxing, and email flooding against the security researcher who exposed the flaw and this publication. The harassment escalated recently with a SWAT team being sent to the researcher's home.

Public intelligence points to Dort's identity. A 2020 dox claimed Dort was a Canadian teenager (born August 2003) using the aliases 'CPacket' and 'M1ce.' Searching the username CPacket on the OSINT platform OSINT Industries reveals a GitHub account created in 2017 under the names Dort and CPacket, registered with the email address [email protected].

Cyber intelligence firm Intel 471 reports that [email protected] was used between 2015 and 2019 to create accounts on multiple cybercrime forums, including Nulled (username 'Uubuntuu') and Cracked (user 'Dorted'). Both accounts were registered from the same Rogers Canada IP address (99.241.112.24).

Dort first gained notoriety in the Minecraft community for developing 'Dortware,' cheating software for the game. This activity marked the beginning of a trajectory that evolved from game hacking to more serious cybercriminal operations, culminating in the control of the massive Kimwolf botnet used for large-scale disruption and harassment.