A botnet associated with the Chinese state has expanded to include 1,500 compromised routers and is identifying susceptible targets within hours of a vulnerability being disclosed.

**Summary**: The JDY botnet, linked to Chinese state-sponsored hackers, has increased from 650 to over 1,500 compromised small office and home office devices. This botnet scans for newly disclosed vulnerabilities within hours and provides targeting information to state-backed hackers. Identified in December 2023 as part of the KV-botnet used by the Volt Typhoon hacking group, JDY evolved into an independent reconnaissance tool after the FBI took down KV-botnet in early 2024.

Rather than launching direct attacks, JDY conducts scanning, fingerprinting, and mapping of exposed services, sending the results to Chinese state actors for further exploitation. Its speed is notable: it exploits new vulnerabilities in devices to compromise routers and grow its network. The botnet now includes a wider variety of devices, having moved from targeting only Cisco routers to compromising models from various manufacturers, including Araknis, Mimosa Networks, Ubiquiti, Draytek, Hikvision, and Linksys.

This diversity in targeting helps the botnet avoid detection: it draws on a broad range of IP addresses, and its compromised devices blend in with legitimate traffic. The operators use layered management through Tor nodes, and the malware adjusts its scanning techniques based on the level of access it has. Black Lotus Labs noted that disrupting individual nodes does not diminish the botnet's overall capabilities, which continue to adapt and provide swift targeting data following vulnerability disclosures. As a result, timely patching of edge devices is crucial, as traditional defenses are ineffective against scanning from numerous legitimate-seeming residential IP addresses.

The JDY botnet, associated with China's Volt Typhoon, has increased its size twofold and now searches for recently exposed vulnerabilities within a matter of hours. The majority of its nodes are located in the United States.