A botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said.
The botnet, tracked by Lumen’s Black Lotus Labs as JDY, now comprises more than 1,500 compromised small office and home office, or SOHO, and IoT devices, and is being used to “discover, fingerprint and continuously map exposed services at scale.”
Lumen said the activity is linked to Chinese nation-state-backed actors, including Volt Typhoon. The findings point to a growing challenge for enterprise security teams. Many enterprise edge systems remain ...