A Chinese-linked botnet just hit 1,500 routers and started scanning fresh exploits.
Lumen's Black Lotus Labs says the JDY botnet has more than doubled in size, now covering small office/home office routers, firewalls and other IoT devices. The researchers observed it begin scanning for newly disclosed vulnerabilities within hours of a security advisory going public. The activity appears coordinated with state-sponsored threat actors.
The speed of the scans compresses the time vendors have to issue patches, turning a typical weeks‑long window into a matter of days or less. It also proves that low‑cost consumer hardware remains a lucrative entry point for nation‑state campaigns, forcing enterprises to rethink edge security.
Such rapid reconnaissance isn’t new, but the scale and state link raise the stakes for everyday network owners.