Lumen's Black Lotus Labs warns that JDY, a covert botnet tied to Chinese state-linked groups including Volt Typhoon, has more than doubled to over 1,500 hacked home and small-office routers, firewalls, and IoT devices. Unlike a DDoS botnet, JDY is a distributed scanning network: it fingerprints exposed services across the internet and flags systems vulnerable to newly disclosed bugs, often within hours of disclosure. It keeps a heavy focus on the US, especially military and associated networks, and survived the 2024 FBI takedown of its parent KV-botnet. Because traffic comes from thousands of ordinary residential IPs, simple IP blocking does not stop it.
Poland's internal security service ABW announced Wednesday that hackers attacked the industrial control systems at multiple Polish water treatment plants. The Record reports the targeting profile is consistent with state-aligned activity: patient reconnaissance, careful access, no data destruction. Polish authorities have not formally attributed the attack, but the context (the Russia-Ukraine conflict and Russia's interest in Polish infrastructure as a NATO frontline state) makes the implication unmistakable. Similar incidents have been reported in Germany, Austria, and the Netherlands over the past 12 months. No service disruption was reported, but the access establishes pre-positioning.