Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Masjesu Botnet: Global Threat to IoT Devices

Masjesu Botnet: Global Threat to IoT Devices

Posted on April 8, 2026 By CWS

In a recent revelation, cybersecurity experts have unveiled the Masjesu botnet, a sophisticated tool used for orchestrating distributed denial-of-service (DDoS) attacks. This botnet, which emerged in 2023, has been actively promoted as a DDoS-for-hire service on platforms like Telegram, targeting various Internet of Things (IoT) devices including routers and gateways.

Origins and Characteristics of Masjesu Botnet

Masjesu is engineered for stealth and endurance, prioritizing covert operations over massive infections. It carefully avoids IP ranges associated with critical entities like the Department of Defense to prolong its lifespan. Known alternatively as XorBot, it employs XOR-based encryption to obscure its operations, as reported by Trellix security researcher Mohideen Abdul Khader F.

The botnet was initially documented by NSFOCUS, a Chinese security firm, in late 2023, linking it to the alias ‘synmaestro.’ Since then, Masjesu has evolved, incorporating numerous exploits to compromise devices such as routers and cameras from major brands like D-Link, Huawei, and NETGEAR.

Expansion and Recruitment Strategies

Masjesu’s growth is notable, with controllers increasingly leveraging social media for recruitment and marketing purposes. The botnet’s operators use platforms like Telegram to attract potential clients, establishing a solid base for future expansion. This strategy has significantly contributed to its widespread adoption and the continuous addition of new IoT devices under its control.

Recent insights from Trellix highlight Masjesu’s capability to perform volumetric DDoS attacks. This function is facilitated by its extensive botnet infrastructure, making it an ideal tool for targeting content delivery networks, gaming servers, and enterprise systems.

Operational Tactics and Global Reach

Masjesu predominantly operates from countries such as Vietnam, Ukraine, and Iran, with Vietnam alone responsible for about 50% of its activities. After infiltrating a device, the botnet establishes a connection through a hard-coded TCP port. If unsuccessful, the attack ceases immediately. Otherwise, the malware ensures persistence, disables rival processes, and connects to external servers for attack commands.

Furthermore, Masjesu is self-propagating, scanning random IP addresses for vulnerabilities and integrating compromised devices into its network. It has recently added Realtek routers to its exploitation targets, mimicking strategies used by other botnets like JenX and Satori.

The Masjesu botnet continues to expand its influence, infiltrating a diverse array of IoT devices across different manufacturers. By deliberately avoiding high-profile targets, it minimizes legal scrutiny, enhancing its long-term viability. As cybersecurity threats evolve, understanding and mitigating the risks associated with botnets like Masjesu is crucial for protecting global digital infrastructure.

The Hacker News Tags:Botnet, cyber attack, cyber threats, Cybersecurity, DDoS attacks, IoT devices, IoT security, Masjesu, network security, XorBot

Post navigation

Previous Post: IBM Urges Immediate Patch for Identity Access Vulnerabilities
Next Post: US Halts Russian Espionage Using Hacked Routers and DNS Tricks

Related Posts

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys The Hacker News
New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a Human New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a Human The Hacker News
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access The Hacker News
Malicious Telnyx Versions on PyPI: Audio Steganography Attack Malicious Telnyx Versions on PyPI: Audio Steganography Attack The Hacker News
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware The Hacker News
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Maximizing Threat Intelligence for Effective SOC Operations
  • Palo Alto Networks Fixes Critical Security Flaws
  • Windows Update Installs LG App with McAfee Ads
  • QIZ Security Secures $17M for Cryptography Platform
  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Maximizing Threat Intelligence for Effective SOC Operations
  • Palo Alto Networks Fixes Critical Security Flaws
  • Windows Update Installs LG App with McAfee Ads
  • QIZ Security Secures $17M for Cryptography Platform
  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark