Inside the Hunt for Kimwolf Botnet Operator Dort

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and m


The operator behind Kimwolf, the world's largest and most disruptive botnet, has become the subject of intense scrutiny following a coordinated campaign of cyberattacks against security researchers who exposed the malware's underlying vulnerability. The individual operating under the handle "Dort" has orchestrated a series of distributed denial-of-service attacks, doxing operations, and email flooding campaigns, escalating to swatting incidents targeting those investigating the botnet infrastructure.

Through open-source intelligence gathering and cyber forensics, investigators have pieced together a profile of Dort spanning over a decade of online activity. A 2020 public document identified Dort as a Canadian teenager born in August 2003, operating under alternate aliases including "CPacket" and "M1ce." Digital forensics linked these identities through a GitHub account created in 2017 using the email jay.miner232@gmail.com, with account registration traced to an Internet Protocol address belonging to Rogers Canada.

Cyber intelligence analysts discovered that the same email address was used to register accounts at major cybercrime forums between 2015 and 2019, including Nulled under the username "Uubuntuu" and Cracked as "Dorted." Both registrations originated from the same Canadian IP address, establishing a clear link between the identities.

Dort's criminal trajectory reportedly began in gaming communities, where the hacker gained notoriety developing "Dortware," software enabling cheating in Minecraft. This initial venture into malicious software development eventually evolved into more sophisticated cybercriminal operations. By 2022, Dort was active within LAPSUS$, a prolific cybercrime collective, offering temporary email registration services and "Dortsolver," a tool designed to bypass CAPTCHA security measures protecting against automated abuse.

Collaboration with another hacker operating as "Qoft" proved particularly lucrative, with the pair reportedly stealing over $250,000 in Microsoft Xbox Game Pass accounts through a mass account creation program that used stolen payment card data. Evidence suggests Dort's real name may be Jacob, based on password reuse patterns across email accounts and Minecraft domain registrations dating to 2015. The "803" component of those patterns corresponds to the documented August 2003 date of birth.

Editorial note: This article represents original analysis and commentary by the TechDailyPulse editorial team.