China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Summary
A China-linked botnet named JDY has reportedly resurged and expanded, and now encompasses over 1,500 small office/home office (SOHO) and IoT devices. The botnet functions as a high-performance scanner that state-sponsored threat actors use to discover, fingerprint, and map exposed services at scale for cyber reconnaissance.
IFF Assessment
The expansion of a reconnaissance botnet used by state-sponsored actors represents an increased threat to organizations and individuals by enabling more efficient discovery of potential targets.
Defender Context
The growth of the JDY botnet highlights the ongoing threat of sophisticated reconnaissance activity by state-sponsored groups. Defenders should monitor for unusual scanning activity and ensure that their external-facing services are inventoried and properly secured.