Lumen's Black Lotus Labs warns that JDY, a covert botnet tied to Chinese state-linked groups including Volt Typhoon, has more than doubled to over 1,500 hacked home and small-office routers, firewalls, and IoT devices. Unlike a DDoS botnet, JDY is a distributed scanning network: it fingerprints exposed services across the internet and flags systems vulnerable to newly disclosed bugs, often within hours of disclosure. It keeps a heavy focus on the US, especially military and associated networks, and survived the 2024 FBI takedown of its parent KV-botnet. Because traffic comes from thousands of ordinary residential IPs, simple IP blocking does not stop it.