# The Mysterious Case of Dort: Unmasking the Kimwolf Botnet's Mastermind
In January 2026, KrebsOnSecurity exposed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has been wreaking havoc on unsuspecting targets. In this article, we'll delve into what's known about Dort based on public information and explore the complex web of identities, aliases, and activities that reveal a mastermind behind one of the most notorious cyber threats in recent history.
Dort's early life was marked by a fascination with hacking, particularly in the popular game Minecraft. The handle "CPacket" was used in various online communities, including GitHub and Nulled, where Dort created accounts under different email addresses. These accounts were often linked to Canadian IP addresses, suggesting that Dort may be from Canada. According to Intel 471, one of these email addresses, jay.miner232@gmail.com, was used between 2015 and 2019 to create multiple accounts at cybercrime forums.
One notable alias associated with Dort is "DortDev," which was active on the chat server for LAPSUS$, a prolific cybercrime group. Dort offered services like temporary email address registration and CAPTCHA bypass code sales, all advertised on SIM Land, a Telegram channel focused on SIM-swapping and account takeover activity. It's worth noting that Dort claims to have collaborated with another hacker, "Qoft," who bragged about stealing over $250,000 worth of Microsoft Xbox Game Pass accounts.
Further research reveals that Dort's password was reused by another email address, jacobbutler803@gmail.com. This email address was used in 2015 to register Minecraft-themed domains and is linked to Jacob Butler, a teenager from Ottawa, Canada. Butler claims not to have been involved in hacking or creating "Dortsolver," a piece of code that could bypass various CAPTCHA services.
However, there are inconsistencies in Butler's timeline. For instance, his voice bears a striking resemblance to the one heard in a 2022 recording between Dort and another coder. Moreover, Dort can be heard cursing and threatening others in this recording, which mirrors his behavior on social media platforms. It appears that someone may be impersonating Butler online as Dort.
Dort's actions have become increasingly aggressive since KrebsOnSecurity published research into Kimwolf Botnet's vulnerabilities. The mastermind behind the botnet has coordinated DDoS attacks, doxing, and email flooding against researchers, including Benjamin Brundage, founder of Synthient. In a recent incident, Dort threatened to swat Brundage again, posting his home address and personal information on social media.
In conclusion, while we still don't have definitive proof about Dort's true identity, the available public information paints a complex picture of an individual who has evolved from a Minecraft hacker to a mastermind behind one of the most notorious cyber threats in recent history. As researchers and security professionals, it's essential that we continue to monitor and analyze the activities of individuals like Dort, as their actions can have far-reaching consequences for individuals and organizations worldwide.
---
Note: This article is written based on publicly available information and may not reflect any new developments or updates since its initial publication date.