The JDY botnet has re-emerged following the takedown of the KV botnet, specifically targeting military networks. Initially spotted in late 2023, JDY comprises over 1,500 compromised SOHO and IoT devices, primarily in the U.S., a significant increase from earlier counts. This botnet focuses on reconnaissance, using sophisticated scanning techniques to map exposed services rather than launching direct attacks.
By drawing on devices from multiple manufacturers, JDY can effectively evade defenses, and it adapts its scanning activities to the privileges available on each infected device. Following the public disclosure of vulnerabilities, the JDY botnet rapidly shifts its focus to exploit unpatched systems, indicating a highly coordinated reconnaissance effort to support later attacks.