A China-linked botnet, known as JDY, has expanded to comprise over 1,500 compromised small office and Internet of Things devices, leveraging them to rapidly identify vulnerable internet-facing systems following public vulnerability disclosures. This reconnaissance network, tracked by Lumen's Black Lotus Labs, is capable of discovering, fingerprinting, and continuously mapping exposed services on a large scale. The botnet's ability to outpace enterprise defenses poses a significant threat, as it can quickly exploit newly disclosed vulnerabilities, giving attackers a substantial advantage. The fact that this activity is linked to a Chinese nation-state shifts the threat model from a traditional criminal threat to a geopolitical one, requiring a different approach to defense. This change in threat model matters to security practitioners, as it necessitates a more nuanced and sophisticated defense strategy to counter the botnet's capabilities.