China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have identified a resurgence and expansion of the JDY botnet, a covert network linked to China-nexus state-sponsored threat actors. The JDY botnet has grown to encompass over 1,500 small office and home office (SOHO) and Internet of Things (IoT) devices. This botnet functions as a centrally controlled, high-performance scanner designed for discovering, fingerprinting, and continuously mapping exposed services on a large scale. Lumen, a cybersecurity firm, reported that the botnet's primary objective is cyber reconnaissance, enabling threat actors to identify potential targets and vulnerabilities within networks. The expansion indicates a sustained and evolving threat from these actors, who are leveraging compromised consumer-grade devices to conduct their operations. The sophistication of the JDY botnet lies in its ability to operate discreetly while scanning vast numbers of internet-connected devices, making it a significant tool for intelligence gathering and pre-attack operations. This development highlights the ongoing challenges in securing the expanding landscape of SOHO and IoT devices, which often lack robust security measures and are susceptible to compromise.
Original source: The Hacker News (read the full reporting at the publisher).