CISOOnline

China-linked recon botnet outpaces enterprise defenses

Lumen said the activity is linked to Chinese nation-state-backed actors, including Volt Typhoon. The findings point to a growing challenge for enterprise security teams. Many enterprise edge systems remain outside traditional endpoint monitoring, giving adversaries room to move quickly from vulnerability disclosure to targeted reconnaissance.

Lumen added that JDY’s distributed infrastructure can also help operators evade geofencing and other IP-based defenses because the activity may appear to come from legitimate residential or small-business internet traffic.

JDY undermines several defensive assumptions that many enterprises still rely on, according to Sakshi Grover, senior research manager for IDC Asia Pacific Cybersecurity Services. 

Geofencing and IP reputation controls have limited value when used in isolation, Grover said, while static blocklists are structurally weak against botnets that continuously rotate compromised infrastructure. JDY also exposes a broader visibility gap around edge devices, which are often difficult for enterprises to monitor with the same rigor as endpoints and cloud workloads.
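To illustrate the point about rotating infrastructure, here is an added example (not from the article or Lumen's research) using constructed access-log records: a per-IP rate rule sees each residential address only once or twice and flags nothing, while grouping by a request fingerprint (probed path plus User-Agent) surfaces the same campaign spread across many IPs. The paths, addresses and thresholds are assumptions chosen for the demonstration.

```python
"""Campaign detection across rotating source IPs (constructed example)."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample of web-server access records: (src_ip, path, user_agent).
# Every source IP appears at most twice, mimicking a botnet that rotates
# through compromised residential and small-business addresses.
SAMPLE_LOG: List[Tuple[str, str, str]] = [
    ("203.0.113.10", "/admin", "scanner-ua/1.0"),
    ("203.0.113.11", "/admin", "scanner-ua/1.0"),
    ("198.51.100.7", "/admin", "scanner-ua/1.0"),
    ("198.51.100.8", "/admin", "scanner-ua/1.0"),
    ("192.0.2.33",   "/admin", "scanner-ua/1.0"),
    ("192.0.2.34",   "/admin", "scanner-ua/1.0"),
    ("192.0.2.35",   "/index.html", "Mozilla/5.0"),
    ("192.0.2.36",   "/about", "Mozilla/5.0"),
    ("203.0.113.10", "/about", "Mozilla/5.0"),
]


def per_ip_counts(log: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Number of requests seen from each source address."""
    counts: Dict[str, int] = defaultdict(int)
    for ip, _, _ in log:
        counts[ip] += 1
    return dict(counts)


def flag_by_ip(log: List[Tuple[str, str, str]], threshold: int = 5) -> List[str]:
    """Classic per-IP rule: addresses with at least `threshold` requests.

    Against rotating infrastructure no single address reaches the
    threshold, so this returns an empty list for the sample above.
    """
    return sorted(ip for ip, n in per_ip_counts(log).items() if n >= threshold)


def flag_by_fingerprint(log: List[Tuple[str, str, str]],
                        min_distinct_ips: int = 4) -> Dict[Tuple[str, str], List[str]]:
    """Campaign rule: group requests by (path, user_agent) and flag any
    fingerprint probed from at least `min_distinct_ips` different
    addresses. The IP is treated as a weak signal; the shared behaviour
    is what ties the scattered sources together.
    """
    sources: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for ip, path, ua in log:
        sources[(path, ua)].add(ip)
    return {fp: sorted(ips) for fp, ips in sources.items()
            if len(ips) >= min_distinct_ips}
```

In practice the fingerprint would be enriched with ASN, TLS fingerprint and timing, but the grouping principle is the same: aggregate on what the campaign shares rather than on the address it arrives from.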
