The JDY botnet has expanded from about 650 active bots to more than 1,500 compromised SOHO and IoT devices, with a strong focus on the United States and military-related targets. Black Lotus Labs says the network is used for reconnaissance and rapid scanning of newly disclosed vulnerabilities, including targets such as Cisco, Ubiquiti, Hikvision, Linksys, and Fortinet. #JDY #VoltTyphoon #CISA #Fortinet #Cisco #Ubiquiti #Hikvision #Linksys
Key points
- The JDY botnet has more than doubled its size since January 2024.
- The botnet focuses heavily on U.S. military and associated networks.
- It is used for scanning, fingerprinting, and reconnaissance, not DDoS attacks.
- JDY quickly targets newly disclosed flaws, including CVE-2026-35616.
- Operators use Tor-based C2 infrastructure and compromised edge devices for control.