Kimwolf Botnet Swamps Anonymity Network I2P
- The Kimwolf botnet has been disrupting the I2P network, a decentralized and encrypted communications network.
- Kimwolf, active since late 2025, infects IoT devices to use them for malicious traffic and large DDoS attacks.
- I2P is a privacy-focused network that routes data through encrypted layers to ensure anonymity.
- On February 3, I2P users reported network disruptions due to a sudden influx of Kimwolf-infected routers.
- Kimwolf operators admitted to accidentally disrupting I2P by attempting to join 700,000 infected bots to the network as nodes.
- The disruption is classified as a 'Sybil attack,' where fake identities overwhelm a peer-to-peer network.
- I2P normally consists of 15,000 to 20,000 devices, but Kimwolf's attempt involved many times that number.
- Kimwolf operators are experimenting with I2P and Tor as backup command and control networks.
- Cloudflare faced challenges last year when Kimwolf-infected devices started using its DNS settings.
- A new I2P release is expected to improve network stability in the coming week.
- Kimwolf's numbers dropped by over 600,000 due to internal issues among its operators.