China Revives KV-Botnet and Targets US AI Policy
Key insights
- The JDY botnet cluster rebuilt to over 1,500 compromised devices after the FBI's January 2024 takedown, with US military entities as primary targets.
- OpenAI banned Chinese-linked ChatGPT accounts that generated content framing AI datacenters as drivers of higher electricity costs for ordinary Americans.
- The US Justice Department seized 13 fake consulting websites used since November 2023 to solicit classified information from security clearance holders.
Why this matters
AI practitioners and security leaders now face a landscape where language models can be weaponized against the same policy debates that determine AI infrastructure funding and regulation. The botnet's rapid resurrection to over 1,500 devices after a January 2024 FBI takedown demonstrates that law enforcement disruptions create temporary setbacks, not permanent defeats, for state-level threat actors. For founders and technical leaders, simultaneous targeting of network infrastructure, public opinion on AI spending, and human intelligence assets confirms that protecting the AI buildout requires thinking beyond product security to geopolitical threat modeling.
Summary
China-linked operators rebuilt the KV-botnet's JDY cluster to over 1,500 compromised devices after the FBI dismantled the original in January 2024. Lumen's Black Lotus Labs confirmed a clear focus on US military and associated entities, with actors exploiting vulnerabilities shortly after public disclosures.
OpenAI banned ChatGPT accounts from two Chinese clusters that generated content framing AI datacenters as driving up electricity costs for ordinary Americans. Neither campaign gained authentic engagement, per Ben Nimmo of OpenAI, who noted operators specifically instructed ChatGPT not to produce cartoons of Xi Jinping.
In short, three separate organizations (Lumen Black Lotus Labs, OpenAI, and the US Justice Department) each tracked a different arm of the same coordinated operation:
- Justice Department seized 13 fake consulting websites used since November 2023 to recruit security clearance holders for classified information
- Recruits were compensated via cryptocurrency through fictitious account names
Network intrusion, AI-generated narratives, and human intelligence recruitment running in parallel mark an increasingly integrated Chinese threat model targeting the US.
Potential risks and opportunities
Risks
- US military contractors and associated entities face active reconnaissance from 1,500-plus JDY cluster nodes, raising the likelihood of targeted intrusions within days of new CVE disclosures
- AI datacenter developers and energy utilities could face amplified opposition in state-level permitting processes if similar influence campaigns scale with more authentic-seeming accounts
- Security clearance holders contacted via the 13 seized fake consulting websites may have undisclosed ongoing relationships, leaving intelligence gaps the Justice Department action has not fully closed
Opportunities
- Network security vendors tracking Volt Typhoon infrastructure, including Lumen Black Lotus Labs, gain credibility and contract leverage with US defense agencies facing active JDY cluster targeting
- AI policy advocates can cite OpenAI's published intelligence showing Chinese operators tried and failed to manufacture AI datacenter opposition, strengthening the pro-buildout narrative in ongoing policy debates
- Cyber threat intelligence platforms that monitor botnet infrastructure are well-positioned to offer early-warning services to defense contractors now identified as primary JDY cluster targets
What we don't know yet
- Attribution specificity: the article does not confirm whether the JDY cluster operators and the ChatGPT influence clusters are the same group or separate coordinated entities
- Scope of actual data exfiltration from US military entities via the JDY cluster is undisclosed, leaving operational damage unknown
- Whether OpenAI's account bans fully stopped the influence campaigns or if operators have migrated to other AI platforms is not addressed
Originally reported by theregister.com
Original headline: Chinese-Linked Operators Rebuild KV-Botnet to 1,500+ Devices and Use ChatGPT to Manipulate US AI Datacenter Policy Debate