Chinese Threat Actors Rebuild Botnets, Target AI Data Center Debate
Chinese state-linked threat actors have rebuilt the JDY botnet to over 1,500 devices and attempted to use ChatGPT to influence the AI data center policy debate, according to multiple security reports.
Chinese state-linked threat actors have rebuilt a botnet to more than 1,500 devices and attempted to use OpenAI's ChatGPT to influence the AI data center policy debate, according to reports from Lumen Technologies, OpenAI, and other security firms. The activity spans cyber reconnaissance and information operations.
Lumen's Black Lotus Labs reported that the JDY botnet, associated with Chinese state-sponsored actors, now comprises over 1,500 small office and home office (SOHO) and IoT devices. The botnet operates as a centrally controlled scanner used to discover, fingerprint, and map exposed services at scale.
Botnet Expansion and Reconnaissance
The JDY botnet's resurgence marks a significant escalation in Chinese cyber capabilities. Researchers noted that the network is used for continuous reconnaissance of vulnerable systems globally. Key details include:
- The botnet grew from a few hundred devices to over 1,500 in recent months.
- It targets SOHO routers and IoT devices with weak security configurations.
- The network performs high-performance scanning to identify exposed services for potential exploitation.
- Lumen's analysis indicates the botnet is used for intelligence gathering rather than direct disruption.
Separately, OpenAI disclosed that a likely Chinese influence operation attempted to use ChatGPT to generate content aimed at stirring debate around AI data center construction. The company said there is little evidence the campaign influenced any real policy discussion.
Influence Operations and Policy Manipulation
The influence operation, which OpenAI described as a covert campaign, sought to amplify divisions in public discourse about the environmental and economic impact of AI data centers. The actors used ChatGPT to produce articles and social media posts that appeared to originate from multiple personas. OpenAI's threat intelligence team identified the activity and disrupted the accounts.
This dual approach of technical intrusion and information manipulation reflects a broader strategy by Chinese state actors to gain advantage in the AI sector. The botnet provides reconnaissance data that could inform future cyberattacks, while the influence campaign aims to shape policy outcomes favorable to Chinese interests.
Security experts warn that the combination of cyber espionage and information operations poses a growing threat to critical infrastructure and public discourse. The JDY botnet's expansion suggests Chinese actors are investing in persistent access to global networks, while the ChatGPT campaign indicates a willingness to exploit AI tools for propaganda.
What comes next: Organizations should audit their SOHO and IoT devices for vulnerabilities and monitor for unusual scanning activity. Policymakers are urged to consider the dual nature of these threats when crafting regulations for AI and data center security.
Fact check
- The JDY botnet comprises over 1,500 SOHO and IoT devices. (reported)
- OpenAI identified a likely Chinese influence operation using ChatGPT to stir debate on AI data centers. (reported)
- The JDY botnet is associated with Chinese state-sponsored threat actors. (reported)
- Lumen's Black Lotus Labs reported the botnet expansion. (reported)
Source reporting (4)
- Dark Reading · Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
- The Register · Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
- CyberScoop · OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers
- The Hacker News · China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance