{"id":498,"date":"2026-01-09T00:01:56","date_gmt":"2026-01-09T00:01:56","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/09\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/"},"modified":"2026-01-09T00:01:56","modified_gmt":"2026-01-09T00:01:56","slug":"who-benefited-from-the-aisuru-and-kimwolf-botnets","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/09\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/","title":{"rendered":"Who Benefited from the Aisuru and Kimwolf Botnets?"},"content":{"rendered":"<div>\n<p>Our <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/the-kimwolf-botnet-is-stalking-your-local-network\/\" target=\"_blank\" rel=\"noopener\">first story of 2026<\/a> revealed how a destructive new botnet called <strong>Kimwolf<\/strong> has infected more than two million devices by mass-compromising a vast number of unofficial <strong>Android TV streaming boxes<\/strong>. Today, we\u2019ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf\u2019s spread.<\/p>\n<p>On Dec. 17, 2025, the Chinese security firm <strong>XLab<\/strong> published <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/jsalton@keepersecurity.com\" target=\"_blank\" rel=\"noopener\">a deep dive on Kimwolf<\/a>, which forces infected devices to participate in distributed denial-of-service (DDoS) attacks and to relay abusive and malicious Internet traffic for so-called \u201cresidential proxy\u201d services.<\/p>\n<p>The software that turns one\u2019s device into a residential proxy is often quietly bundled with mobile apps and games. 
Kimwolf specifically targeted residential proxy software that is factory installed on <a href=\"https:\/\/github.com\/synthient\/public-research\/blob\/main\/2026\/01\/kimwolf\/product_devices.csv\" target=\"_blank\" rel=\"noopener\">more than a thousand different models<\/a> of unsanctioned Android TV streaming devices. Very quickly, the residential proxy\u2019s Internet address starts funneling traffic that is linked to ad fraud, account takeover attempts and mass content scraping.<\/p>\n<p>The XLab report explained its researchers found \u201cdefinitive evidence\u201d that the same cybercriminal actors and infrastructure were used to deploy both Kimwolf and the <strong>Aisuru botnet <\/strong>\u2014 an earlier version of Kimwolf that also enslaved devices for use in DDoS attacks and proxy services.<\/p>\n<p>XLab said it suspected since October that Kimwolf and Aisuru had the same author(s) and operators, based in part on shared code changes over time. But it said those suspicions were confirmed on December 8 when it witnessed both botnet strains being distributed by the same Internet address at <strong>93.95.112[.]59<\/strong>.<\/p>\n<div id=\"attachment_73024\" style=\"width: 760px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" aria-describedby=\"caption-attachment-73024\" decoding=\"async\" class=\" wp-image-73024\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/XLab-resito.png\" alt=\"\" width=\"750\" height=\"661\"><\/p>\n<p id=\"caption-attachment-73024\" class=\"wp-caption-text\">Image: XLab.<\/p>\n<\/div>\n<h2>RESI RACK<\/h2>\n<p>Public records show the Internet address range flagged by XLab is assigned to Lehi, Utah-based <strong>Resi Rack LLC<\/strong>. 
Resi Rack\u2019s website bills the company as a \u201cPremium Game Server Hosting Provider.\u201d Meanwhile, Resi Rack\u2019s ads on the Internet moneymaking forum <strong>BlackHatWorld<\/strong>\u00a0refer to it as a \u201cPremium Residential Proxy Hosting and Proxy Software Solutions Company.\u201d<\/p>\n<p>Resi Rack co-founder <strong>Cassidy Hales<\/strong> told KrebsOnSecurity his company received a notification on December 10 about Kimwolf using their network \u201cthat detailed what was being done by one of our customers leasing our servers.\u201d<\/p>\n<p>\u201cWhen we received this email we took care of this issue immediately,\u201d Hales wrote in response to an email requesting comment. \u201cThis is something we are very disappointed is now associated with our name and this was not the intention of our company whatsoever.\u201d<\/p>\n<p>The Resi Rack Internet address cited by XLab on December 8 came onto KrebsOnSecurity\u2019s radar more than two weeks before that. <strong>Benjamin Brundage<\/strong> is founder of <a href=\"https:\/\/synthient.com\/\" target=\"_blank\" rel=\"noopener\">Synthient<\/a>, a startup that tracks proxy services. 
In late October 2025, Brundage shared that the people selling various proxy services which benefitted from the Aisuru and Kimwolf botnets were doing so at a new Discord server called <strong>resi[.]to<\/strong>.<\/p>\n<div id=\"attachment_73004\" style=\"width: 759px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/resito-93-95-112-53.png\" target=\"_blank\" rel=\"noopener\"><img aria-describedby=\"caption-attachment-73004\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-73004\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/resito-93-95-112-53.png\" alt=\"\" width=\"749\" height=\"506\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/resito-93-95-112-53.png 1074w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/resito-93-95-112-53-768x518.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/resito-93-95-112-53-782x528.png 782w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\"><\/a><\/p>\n<p id=\"caption-attachment-73004\" class=\"wp-caption-text\">On November 24, 2025, a member of the resi-dot-to Discord channel shares an IP address responsible for proxying traffic over Android TV streaming boxes infected by the Kimwolf botnet.<\/p>\n<\/div>\n<p>When KrebsOnSecurity joined the resi[.]to Discord channel in late October as a silent lurker, the server had fewer than 150 members, including \u201c<strong>Shox<\/strong>\u201d \u2014 the nickname used by Resi Rack\u2019s co-founder Mr. Hales \u2014 and his business partner \u201c<strong>Linus<\/strong>,\u201d who did not respond to requests for comment.<\/p>\n<p>Other members of the resi[.]to Discord channel would periodically <a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/resito-hackerpakistan.png\" target=\"_blank\" rel=\"noopener\">post new IP addresses<\/a> that were responsible for proxying traffic over the Kimwolf botnet. 
As the screenshot from resi[.]to above shows, that Resi Rack Internet address flagged by XLab was used by Kimwolf to direct proxy traffic as far back as November 24, if not earlier. All told, Synthient said it tracked at least seven static Resi Rack IP addresses connected to Kimwolf proxy infrastructure between October and December 2025.<\/p>\n<p>Neither of Resi Rack\u2019s co-owners responded to follow-up questions. Both have been active in selling proxy services via Discord for nearly two years. According to a review of Discord messages indexed by the cyber intelligence firm <strong>Flashpoint<\/strong>, Shox and Linus spent much of 2024 selling static \u201cISP proxies\u201d by routing various Internet address blocks at major U.S. Internet service providers.<\/p>\n<p>In February 2025, AT&amp;T <a href=\"https:\/\/serviceguidenew.att.com\/sg_CustomPreviewer?attachmentId=00PPV00001Jf2Qf2AJ\" target=\"_blank\" rel=\"noopener\">announced<\/a> that effective July 31, 2025, it would no longer originate routes for network blocks that are not owned and managed by AT&amp;T (other major ISPs have since made similar moves). 
Less than a month later, Shox and Linus told customers they would soon cease offering static ISP proxies as a result of these policy changes.<\/p>\n<div id=\"attachment_73006\" style=\"width: 529px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73006\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-73006\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/shox-linus-static-att.png\" alt=\"\" width=\"519\" height=\"537\"><\/p>\n<p id=\"caption-attachment-73006\" class=\"wp-caption-text\">Shox and Linus, talking about their decision to stop selling ISP proxies.<\/p>\n<\/div>\n<h2>DORT &amp; SNOW<\/h2>\n<p>The stated owner of the resi[.]to Discord server went by the abbreviated username \u201cD.\u201d That initial appears to be short for the hacker handle \u201c<strong>Dort<\/strong>,\u201d a name that was invoked frequently throughout these Discord chats.<\/p>\n<div id=\"attachment_73003\" style=\"width: 617px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73003\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-73003\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/resito-d-profile.png\" alt=\"\" width=\"607\" height=\"765\"><\/p>\n<p id=\"caption-attachment-73003\" class=\"wp-caption-text\">Dort\u2019s profile on resi dot to.<\/p>\n<\/div>\n<p>This \u201cDort\u201d nickname came up in KrebsOnSecurity\u2019s recent conversations with \u201c<a href=\"https:\/\/krebsonsecurity.com\/tag\/forky\/\" target=\"_blank\" rel=\"noopener\"><strong>Forky<\/strong><\/a>,\u201d a Brazilian man who <a href=\"https:\/\/krebsonsecurity.com\/2025\/05\/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos\/\" target=\"_blank\" rel=\"noopener\">acknowledged<\/a> being involved in the marketing of the Aisuru botnet at its inception in late 2024. 
But Forky vehemently denied having anything to do with <a href=\"https:\/\/krebsonsecurity.com\/2025\/10\/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos\/\" target=\"_blank\" rel=\"noopener\">a series of massive and record-smashing DDoS attacks<\/a> in the latter half of 2025 that were blamed on Aisuru, saying the botnet by that point had been taken over by rivals.<\/p>\n<p>Forky asserts that Dort is a resident of Canada and one of at least two individuals currently in control of the Aisuru\/Kimwolf botnet. The other individual Forky named as an Aisuru\/Kimwolf botmaster goes by the nickname \u201c<strong>Snow<\/strong>.\u201d<\/p>\n<p>On January 2 \u2014 just hours after our story on Kimwolf was published \u2014 the historical chat records on resi[.]to were erased without warning and replaced by <a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/fsckben.png\" target=\"_blank\" rel=\"noopener\">a profanity-laced message<\/a> for Synthient\u2019s founder. Minutes after that, the entire server disappeared.<\/p>\n<p>Later that same day, several of the more active members of the now-defunct resi[.]to Discord server moved to a Telegram channel where they posted Brundage\u2019s personal information, and generally complained about being unable to find reliable \u201cbulletproof\u201d hosting for their botnet.<\/p>\n<p>Hilariously, a user by the name \u201cRichard Remington\u201d briefly appeared in the group\u2019s Telegram server to post a crude \u201cHappy New Year\u201d sketch that claims Dort and Snow are now in control of 3.5 million devices infected by Aisuru and\/or Kimwolf. 
Richard Remington\u2019s Telegram account has since been deleted, but it previously stated its owner <a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/remington-dstat.png\" target=\"_blank\" rel=\"noopener\">operates a website<\/a> that caters to DDoS-for-hire or \u201cstresser\u201d services seeking to test their firepower.<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/dort-snow-kimwolf-aisuru.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-73005\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/dort-snow-kimwolf-aisuru.png\" alt=\"\" width=\"749\" height=\"422\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/dort-snow-kimwolf-aisuru.png 1160w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/dort-snow-kimwolf-aisuru-768x433.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/dort-snow-kimwolf-aisuru-782x441.png 782w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\"><\/a><span id=\"more-72999\"><\/span><\/p>\n<h2>BYTECONNECT, PLAINPROXIES, AND 3XK TECH<\/h2>\n<p>Reports from both Synthient and XLab found that Kimwolf was used to deploy programs that turned infected systems into Internet traffic relays for multiple residential proxy services. Among those was a component that installed a software development kit (SDK) called <strong>ByteConnect,<\/strong> which is distributed by a provider known as <strong>Plainproxies<\/strong>.<\/p>\n<p>ByteConnect says it specializes in \u201cmonetizing apps ethically and free,\u201d while Plainproxies advertises the ability to provide content scraping companies with \u201cunlimited\u201d proxy pools. 
However, Synthient said that upon connecting to ByteConnect\u2019s SDK they instead observed a mass influx of credential-stuffing attacks targeting email servers and popular online websites.<\/p>\n<p>A search on LinkedIn finds the CEO of Plainproxies is <strong>Friedrich Kraft<\/strong>, whose <a href=\"https:\/\/www.linkedin.com\/in\/friedrich-kr%C3%A4ft-1478a3248\/\" target=\"_blank\" rel=\"noopener\">resume<\/a> says he is co-founder of ByteConnect Ltd. Public Internet routing records show Mr. Kraft also operates a hosting firm in Germany called <strong>3XK Tech GmbH<\/strong>. Mr. Kraft did not respond to repeated requests for an interview.<\/p>\n<p>In July 2025, Cloudflare reported that 3XK Tech (a.k.a. Drei-K-Tech) had become <a href=\"https:\/\/blog.cloudflare.com\/ddos-threat-report-for-2025-q2\/\" target=\"_blank\" rel=\"noopener\">the Internet\u2019s largest source of application-layer DDoS attacks<\/a>. In November 2025, the security firm <strong>GreyNoise Intelligence<\/strong> <a href=\"https:\/\/www.greynoise.io\/blog\/palo-alto-scanning-surges-90-day-high\" target=\"_blank\" rel=\"noopener\">found<\/a> that Internet addresses on 3XK Tech were responsible for roughly three-quarters of the Internet scanning being done at the time for a newly discovered and critical vulnerability in security products made by Palo Alto Networks.<\/p>\n<div id=\"attachment_73010\" style=\"width: 775px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73010\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-73010\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/cloudflare-3XKTech.png\" alt=\"\" width=\"765\" height=\"744\"><\/p>\n<p id=\"caption-attachment-73010\" class=\"wp-caption-text\">Source: Cloudflare\u2019s Q2 2025 DDoS threat report.<\/p>\n<\/div>\n<p>LinkedIn has <a href=\"https:\/\/www.linkedin.com\/in\/juliadml\/\" target=\"_blank\" rel=\"noopener\">a profile<\/a> for another Plainproxies employee, 
<strong>Julia Levi<\/strong>, who is listed as co-founder of ByteConnect. Ms. Levi did not respond to requests for comment. Her resume says she previously worked for two major proxy providers: Netnut Proxy Network and Bright Data.<\/p>\n<p>Synthient likewise said Plainproxies ignored their outreach, noting that the ByteConnect SDK remains active on devices compromised by Kimwolf.<\/p>\n<h2>MASKIFY<\/h2>\n<p>Synthient\u2019s <a href=\"https:\/\/synthient.com\/blog\/a-broken-system-fueling-botnets\" target=\"_blank\" rel=\"noopener\">January 2 report<\/a> said another proxy provider heavily involved in the sale of Kimwolf proxies was <strong>Maskify<\/strong>, which currently advertises on multiple cybercrime forums that it has more than six million residential Internet addresses for rent.<\/p>\n<p>Maskify prices its service at a rate of 30 cents per gigabyte of data relayed through its proxies. According to Synthient, that price range is insanely low and is far cheaper than any other proxy provider in business today.<\/p>\n<p>\u201cSynthient\u2019s Research Team received screenshots from other proxy providers showing key Kimwolf actors attempting to offload proxy bandwidth in exchange for upfront cash,\u201d the Synthient report noted. \u201cThis approach likely helped fuel early development, with associated members spending earnings on infrastructure and outsourced development tasks. 
Please note that resellers know precisely what they are selling; proxies at these prices are not ethically sourced.\u201d<\/p>\n<p>Maskify did not respond to requests for comment.<\/p>\n<div id=\"attachment_73018\" style=\"width: 760px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73018\" decoding=\"async\" loading=\"lazy\" class=\" wp-image-73018\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/synthient-maskify.png\" alt=\"\" width=\"750\" height=\"271\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/synthient-maskify.png 930w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/synthient-maskify-768x277.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/synthient-maskify-782x283.png 782w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\"><\/p>\n<p id=\"caption-attachment-73018\" class=\"wp-caption-text\">The Maskify website. Image: Synthient.<\/p>\n<\/div>\n<h2>BOTMASTERS LASH OUT<\/h2>\n<p>Hours after <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/the-kimwolf-botnet-is-stalking-your-local-network\/\" target=\"_blank\" rel=\"noopener\">our first Kimwolf story<\/a> was published last week, the resi[.]to Discord server vanished, Synthient\u2019s website was hit with a DDoS attack, and the Kimwolf botmasters took to doxing Brundage via their botnet.<\/p>\n<p>The harassing messages appeared as text records uploaded to the <a href=\"https:\/\/support.ens.domains\/en\/articles\/7900404-what-is-ens\" target=\"_blank\" rel=\"noopener\">Ethereum Name Service<\/a> (ENS), a distributed system for supporting smart contracts deployed on the Ethereum blockchain. 
As documented by XLab, in mid-December the Kimwolf operators upgraded their infrastructure and began using ENS to better withstand the near-constant takedown efforts targeting the botnet\u2019s control servers.<\/p>\n<div id=\"attachment_73007\" style=\"width: 727px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73007\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-73007\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/pawsat-eth.png\" alt=\"\" width=\"717\" height=\"358\"><\/p>\n<p id=\"caption-attachment-73007\" class=\"wp-caption-text\">An ENS record used by the Kimwolf operators taunts security firms trying to take down the botnet\u2019s control servers. Image: XLab.<\/p>\n<\/div>\n<p>Infected systems are told to seek out the Kimwolf control servers via ENS. So even if the servers that the botmasters use to control the botnet are taken down, the attacker only needs to update the ENS text record to reflect the new Internet address of the control server, and the infected devices will immediately know where to look for further instructions.<\/p>\n<p>\u201cThis channel itself relies on the decentralized nature of blockchain, unregulated by Ethereum or other blockchain operators, and cannot be blocked,\u201d XLab wrote.<\/p>\n<p>The text records included in Kimwolf\u2019s ENS instructions can also feature short messages, such as those that carried Brundage\u2019s personal information. 
Other ENS text records associated with Kimwolf offered some sage advice: \u201cIf flagged, we encourage the TV box to be destroyed.\u201d<\/p>\n<div id=\"attachment_73041\" style=\"width: 757px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73041\" decoding=\"async\" loading=\"lazy\" class=\" wp-image-73041\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/ens-destroytvbox.png\" alt=\"\" width=\"747\" height=\"335\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/ens-destroytvbox.png 984w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/ens-destroytvbox-768x344.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/ens-destroytvbox-782x350.png 782w\" sizes=\"auto, (max-width: 747px) 100vw, 747px\"><\/p>\n<p id=\"caption-attachment-73041\" class=\"wp-caption-text\">An ENS record tied to the Kimwolf botnet advises, \u201cIf flagged, we encourage the TV box to be destroyed.\u201d<\/p>\n<\/div>\n<p>Both Synthient and XLab say Kimwolf targets a vast number of Android TV streaming box models, all of which have zero security protections, and many of which ship with proxy malware built in. Generally speaking, if you can send a data packet to one of these devices you can also seize administrative control over it.<\/p>\n<p>If you own a TV box that matches <a href=\"https:\/\/github.com\/synthient\/public-research\/blob\/main\/2026\/01\/kimwolf\/product_devices.csv\" target=\"_blank\" rel=\"noopener\">one of these model names and\/or numbers<\/a>, please just rip it out of your network. 
If you encounter one of these devices on the network of a family member or friend, send them a link to this story (or to <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/the-kimwolf-botnet-is-stalking-your-local-network\/\" target=\"_blank\" rel=\"noopener\">our January 2 story on Kimwolf<\/a>) and explain that it\u2019s not worth the potential hassle and harm created by keeping them plugged in.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we\u2019ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf\u2019s spread. On [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[410,113,334,146,411,114,412,413,90,348,414,415,122,416,417,418,409,419,359,420,421,115,422,423,424,425,368,370],"tags":[91],"class_list":["post-498","post","type-post","status-publish","format-standard","hentry","category-3xk-tech-gmbh","category-a-little-sunshine","category-aisuru","category-att","category-benjamin-brundage","category-breadcrumbs","category-byteconnect","category-cassidy-hales","category-cybersecurity","category-ddos-for-hire","category-dort","category-ethereum-name-service","category-flashpoint","category-forky","category-friedrich-kraft","category-greynoise-intelligence","category-internet-of-things-iot","category-julia-levi","category-kimwolf","category-linus","category-maskify","category-neer-do-well-
news","category-plainproxies","category-resi-rack-llc","category-shox","category-snow","category-synthient","category-xlab","tag-cybersecurity"]}