DEV Community

Mark0

China-linked JDY botnet expands targeting of U.S. military networks

The JDY botnet, a scanning and reconnaissance network linked to Chinese threat actors such as Volt Typhoon, has more than doubled its size over the past year. Now comprising over 1,500 compromised SOHO and IoT devices, the botnet primarily targets United States military and associated infrastructure. Unlike typical DDoS botnets, JDY focuses on rapid service discovery and protocol fingerprinting to identify vulnerable assets shortly after public vulnerability disclosures.

Recent analysis by Black Lotus Labs shows that the JDY operators use hidden Tor services for command-and-control and the Platypus framework for host management. The malware relies on techniques such as stealthy raw SYN scanning to perform high-speed reconnaissance. Organizations are urged to secure edge devices, disable exposed administrative interfaces, and monitor for unusual outbound scanning to reduce the risk of being recruited into, or targeted by, this expanding network.
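The last recommendation, watching for unusual outbound scanning, is the one a network defender can act on directly. As an added example (not part of the original post, and not code from Black Lotus Labs), the following Python heuristic flags hosts whose flow records look like raw SYN scanning: many single-packet, SYN-only flows fanning out to many distinct destination/port pairs in a short window, with no completed handshakes. The flow record format, the thresholds, and the sample records are all constructed for illustration and would need tuning against your own telemetry.

```python
"""Flag SYN-scan-like outbound behaviour in flow records.

Added example (not from the article or from Black Lotus Labs).
Record format (constructed for this example, whitespace separated):
    <start_ts_seconds> <src_ip> <dst_ip> <dst_port> <tcp_flags> <packets>
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start time in seconds
    src: str
    dst: str
    dport: int
    flags: str     # TCP flags seen across the flow, e.g. "S", "SA", "SPA"
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record into a Flow."""
    ts, src, dst, dport, flags, packets = line.split()
    return Flow(float(ts), src, dst, int(dport), flags, int(packets))


def is_syn_only(flow: Flow) -> bool:
    # A raw SYN scan never completes the handshake: the scanner's side of
    # the flow is a single packet carrying only the SYN flag.
    return flow.flags == "S" and flow.packets == 1


def find_scanners(flows, window=60.0, min_targets=20, min_syn_ratio=0.8):
    """Return {src: (distinct_targets_in_best_window, syn_only_flows)}.

    A source is flagged when (a) SYN-only flows make up at least
    `min_syn_ratio` of all its flows, so a few ordinary failed
    connections do not trigger it, and (b) within some `window`-second
    span its SYN-only flows reach at least `min_targets` distinct
    (dst, dport) pairs, i.e. it is fanning out, not retrying one host.
    """
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)

    hits = {}
    for src, src_flows in by_src.items():
        syn = sorted((f for f in src_flows if is_syn_only(f)), key=lambda f: f.ts)
        if len(syn) / len(src_flows) < min_syn_ratio:
            continue
        # Sliding time window over the SYN-only flows; track the largest
        # number of distinct targets touched inside any single window.
        best, left = 0, 0
        for right in range(len(syn)):
            while syn[right].ts - syn[left].ts > window:
                left += 1
            targets = {(f.dst, f.dport) for f in syn[left:right + 1]}
            best = max(best, len(targets))
        if best >= min_targets:
            hits[src] = (best, len(syn))
    return hits


def sample_records():
    """Constructed records: one scanning host and two ordinary hosts."""
    lines = []
    # 192.0.2.10 probes 30 distinct hosts on common admin/web ports in 30 s.
    ports = [22, 23, 80, 443, 8080, 8443]
    for i in range(30):
        lines.append(f"{1000 + i} 192.0.2.10 198.51.100.{i + 1} {ports[i % 6]} S 1")
    # 192.0.2.20 holds normal, completed sessions to two services.
    for i in range(8):
        dst = "203.0.113.5" if i % 2 else "203.0.113.6"
        lines.append(f"{1000 + 5 * i} 192.0.2.20 {dst} 443 SPA 40")
    # 192.0.2.30 has three failed connection attempts to one host, then
    # ten normal sessions: noisy, but not a scanner.
    for i in range(3):
        lines.append(f"{1000 + i} 192.0.2.30 203.0.113.9 22 S 1")
    for i in range(10):
        lines.append(f"{1010 + i} 192.0.2.30 203.0.113.7 443 SPA 25")
    return lines


def scan_report(lines):
    """Parse raw records and return the scanner verdicts."""
    return find_scanners([parse_flow(l) for l in lines])


if __name__ == "__main__":
    for src, (targets, syn_flows) in scan_report(sample_records()).items():
        print(f"{src}: {targets} distinct targets in one window, {syn_flows} SYN-only flows")
```

Real deployments would feed this from NetFlow/IPFIX or Zeek conn logs rather than the constructed format, and the ratio and fan-out thresholds should be set from a baseline of each subnet's normal behaviour; the point of the two-part test is that a single host retrying one dead service looks nothing like a device sweeping a range of addresses and ports.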
