China-Linked JDY Botnet Accelerates Reconnaissance of Enterprise Systems

Researchers have identified a China-linked botnet called JDY that uses more than 1,500 compromised SOHO and IoT devices to rapidly discover, fingerprint, and map internet-facing enterprise systems. The network is reportedly associated with Chinese state-backed activity, including links to Volt Typhoon, and is designed to identify vulnerable infrastructure shortly after public vulnerability disclosures. By leveraging residential and small-business devices, the botnet can evade traditional geofencing and IP reputation defenses while collecting detailed intelligence on exposed services, routers, VPNs, firewalls, and other edge systems. Security experts warn that JDY reflects a shift toward industrialized reconnaissance operations, increasing pressure on organizations to accelerate patching and strengthen visibility across internet-facing assets.

Reference: csoonline.com