Chinese-linked influence and hacking operations are getting a fresh coat of paint: botnets are back in play, AI tools are being used to produce propaganda, and US authorities are shutting down fake consulting sites built to recruit insiders. The common thread is low-cost, high-volume pressure on American tech and information systems – the kind of campaign that is messy, persistent, and annoyingly hard to kill for good.
That picture starts with the China-linked Volt Typhoon botnet, which the FBI said it had taken down in January 2024. Researchers at Black Lotus Labs now say one part of that network, the JDY cluster, is still alive, with more than 1,500 infected devices operating in the shadow network. For attackers, that means an old infrastructure layer can keep doing quiet work long after the headlines have moved on.
ChatGPT becomes a propaganda factory
The newer twist is how openly generative AI is being folded into the playbook. According to the source material, ChatGPT has been used to generate comic strips and cartoons attacking AI data centers built in the US, as well as apps that rely on AI, with the content pushed out on X through fake accounts. The posts try to look credible by linking to real news stories about data centers, which is clever in the boring way disinformation often is: not by inventing reality, but by borrowing enough of it to pass a quick glance test.
There is also a more targeted version of the same trick. The accounts reportedly used ChatGPT to mock US technology policy and tariffs, while explicitly avoiding satire aimed at China’s leader and steering the jokes toward the US president. That asymmetry matters: this is not random internet trolling, it is curated political messaging with a technological wrapper.
Why AI data centers are a new propaganda target
US AI data centers have become an easy symbol for everything people already argue about: energy use, local infrastructure, national security, and who benefits from the AI boom. That makes them perfect bait for influence operations. Even without the source material spelling it out, the pattern is familiar from earlier disinformation campaigns around telecom gear, chips, and cloud infrastructure: pick the hottest industrial buildout, then try to poison the conversation around it.
- Botnet cluster still active: JDY
- Infected devices reported by Black Lotus Labs: more than 1,500
- Fake consulting sites taken down by US authorities: 13
There is a second layer here too. ChatGPT was reportedly used to help build monitoring systems for US social networks, which suggests attackers are not just posting content but also trying to watch the reaction loop. That is the modern influence stack in miniature: generate, publish, measure, repeat.
The recruitment scheme was more old-school
While the AI content grabs attention, the recruitment operation sounds almost quaint. US officials secured an order and shut down 13 websites tied to fake consulting firms that were used to recruit Americans, including current and former holders of access to classified information. LinkedIn was part of the funnel, with the shell companies advertising jobs such as ”senior analyst” and ”consultant for international affairs” since November 2023.
The payoff was the real lure: candidates were paid for handing over closed and even secret information, with some transfers made in cryptocurrency to blur the paper trail. That is not an advanced exploit. It is old-fashioned espionage dressed up as a professional services gig, which may be why it keeps working.
What comes after the takedowns
The obvious question is whether the arrests, sinkholes, and site seizures change the underlying campaign. They may slow specific operators, but the blend of botnets, fake personas, AI-generated content, and recruiter-style phishing is cheap to rebuild. If anything, the lesson is that the target set has widened: it is no longer just networks and endpoints, but the public argument around the infrastructure being built on top of them.