Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Masjesu Botnet: Global Threat to IoT Devices

Masjesu Botnet: Global Threat to IoT Devices

Posted on April 8, 2026 By CWS

In a recent revelation, cybersecurity experts have unveiled the Masjesu botnet, a sophisticated tool used for orchestrating distributed denial-of-service (DDoS) attacks. This botnet, which emerged in 2023, has been actively promoted as a DDoS-for-hire service on platforms like Telegram, targeting various Internet of Things (IoT) devices including routers and gateways.

Origins and Characteristics of Masjesu Botnet

Masjesu is engineered for stealth and endurance, prioritizing covert operations over massive infections. It carefully avoids IP ranges associated with critical entities like the Department of Defense to prolong its lifespan. Known alternatively as XorBot, it employs XOR-based encryption to obscure its operations, as reported by Trellix security researcher Mohideen Abdul Khader F.

The botnet was initially documented by NSFOCUS, a Chinese security firm, in late 2023, linking it to the alias ‘synmaestro.’ Since then, Masjesu has evolved, incorporating numerous exploits to compromise devices such as routers and cameras from major brands like D-Link, Huawei, and NETGEAR.

Expansion and Recruitment Strategies

Masjesu’s growth is notable, with controllers increasingly leveraging social media for recruitment and marketing purposes. The botnet’s operators use platforms like Telegram to attract potential clients, establishing a solid base for future expansion. This strategy has significantly contributed to its widespread adoption and the continuous addition of new IoT devices under its control.

Recent insights from Trellix highlight Masjesu’s capability to perform volumetric DDoS attacks. This function is facilitated by its extensive botnet infrastructure, making it an ideal tool for targeting content delivery networks, gaming servers, and enterprise systems.

Operational Tactics and Global Reach

Masjesu predominantly operates from countries such as Vietnam, Ukraine, and Iran, with Vietnam alone responsible for about 50% of its activities. After infiltrating a device, the botnet establishes a connection through a hard-coded TCP port. If unsuccessful, the attack ceases immediately. Otherwise, the malware ensures persistence, disables rival processes, and connects to external servers for attack commands.

Furthermore, Masjesu is self-propagating, scanning random IP addresses for vulnerabilities and integrating compromised devices into its network. It has recently added Realtek routers to its exploitation targets, mimicking strategies used by other botnets like JenX and Satori.

The Masjesu botnet continues to expand its influence, infiltrating a diverse array of IoT devices across different manufacturers. By deliberately avoiding high-profile targets, it minimizes legal scrutiny, enhancing its long-term viability. As cybersecurity threats evolve, understanding and mitigating the risks associated with botnets like Masjesu is crucial for protecting global digital infrastructure.

The Hacker News Tags:Botnet, cyber attack, cyber threats, Cybersecurity, DDoS attacks, IoT devices, IoT security, Masjesu, network security, XorBot

Post navigation

Previous Post: IBM Urges Immediate Patch for Identity Access Vulnerabilities
Next Post: US Halts Russian Espionage Using Hacked Routers and DNS Tricks

Related Posts

Vendors Address Critical Security Vulnerabilities in Software Vendors Address Critical Security Vulnerabilities in Software The Hacker News
New Fast16 Malware Uncovered: Cybersecurity Concerns Rise New Fast16 Malware Uncovered: Cybersecurity Concerns Rise The Hacker News
Linux Kernel Vulnerabilities Highlight Security Concerns Linux Kernel Vulnerabilities Highlight Security Concerns The Hacker News
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers The Hacker News
New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories The Hacker News
How to Use Ringfencing to Prevent the Weaponization of Trusted Software How to Use Ringfencing to Prevent the Weaponization of Trusted Software The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Windows Update Installs LG App with McAfee Ads
  • QIZ Security Secures $17M for Cryptography Platform
  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack
  • UK Unveils Cybersecurity Strategy with AI Defense Initiative
  • GodDamn Ransomware Employs PoisonX to Bypass Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Windows Update Installs LG App with McAfee Ads
  • QIZ Security Secures $17M for Cryptography Platform
  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack
  • UK Unveils Cybersecurity Strategy with AI Defense Initiative
  • GodDamn Ransomware Employs PoisonX to Bypass Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark