KimWorm DDoS Botnet Operator Arrested in 2026

Authorities arrested the alleged KimWorm DDoS botnet operator accused of launching cyberattacks and selling attack services online.

Law enforcement authorities have arrested the suspected operator behind the KimWorm DDoS botnet, a cybercrime service allegedly used to launch distributed denial-of-service attacks against online targets worldwide.

The arrest was announced in May 2026 following a coordinated investigation involving international law enforcement and cybersecurity agencies targeting the infrastructure behind the KimWorm operation. Investigators allege the suspect operated the botnet as a commercial “DDoS-for-hire” platform, allowing customers to pay for cyberattacks designed to overwhelm websites and online services with malicious traffic.

According to investigators, the KimWorm malware infected vulnerable internet-connected devices and servers, building a network of compromised systems that could be remotely controlled to carry out large-scale denial-of-service attacks. Authorities said the botnet targeted gaming services, businesses, online platforms, and other internet infrastructure.

Researchers said the malware shared similarities with earlier botnet campaigns that exploited weakly secured devices and cloud infrastructure to generate high-volume traffic floods. DDoS-for-hire operations, sometimes referred to as “booter” or “stresser” services, remain a major focus for global cybercrime investigators because they allow low-skilled users to launch disruptive attacks for relatively small payments.

Authorities also seized infrastructure allegedly linked to the operation, including servers and domains used to manage infected systems and coordinate attacks. Investigators are continuing forensic analysis to identify additional users and customers connected to the service.

Cybersecurity experts warned that DDoS botnets continue evolving by targeting internet-of-things devices, poorly secured servers, and exposed cloud systems. Similar malware families have previously powered some of the world’s largest cyberattacks, disrupting financial institutions, gaming platforms, and government services.

Officials said the KimWorm investigation forms part of broader international efforts to dismantle commercial cybercrime infrastructure and disrupt underground marketplaces selling attack services to criminal customers worldwide.

Related articles :

• AI-Assisted VoidLink Linux Malware Framework Unveiled

• US Disrupts DDoS-for-Hire Services in Global Crackdown

• South Korea Develops Crypto Tool to Track Drug Crime

__Reports are sourced from official documents, law-enforcement updates, and credible investigations.

Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.__