Kimwolf Howls from Inside the Enterprise

Infoblox telemetry analysis shows the Kimwolf botnet actively abusing residential proxy services to scan enterprise and institutional networks for vulnerable local devices (notably Android TVs), with nearly 25% of Threat Defense Cloud customers having at least one query to Kimwolf-associated domains; the report includes observed domains and proxy endpoints, industry distribution, temporal activity, and recommends protective DNS, blocking suspicious/bogon responses, and reviewing DNS logs for related indicators.