Back

Masjesu Botnet Launches DDoS Attacks Targeting IoT Devices

Severity: High (Score: 66.5)

Sources: Ground.News, Gbhackers, Thehackernews, Securityaffairs.Co, Scworld

Summary

The Masjesu botnet, also known as XorBot, has been identified as a DDoS-for-hire service targeting routers and IoT devices since 2023. It operates stealthily, avoiding high-profile networks to evade detection while executing high-volume distributed denial-of-service attacks. The botnet has been advertised on Telegram and is capable of exploiting various architectures, turning everyday network hardware into tools for commercial attacks. As of 2026, Masjesu remains active and continues to reshape the DDoS landscape, posing significant risks to organizations relying on exposed IoT infrastructure. The botnet's maturity and stealth tactics highlight the evolving threat posed by such malicious services in the cybersecurity domain. Key Points: • Masjesu botnet has been operational since 2023, targeting IoT devices. • It utilizes stealth tactics to avoid detection while executing DDoS attacks. • The botnet is advertised as a DDoS-for-hire service on Telegram.

Key Entities

  • Botnet (attack_type)
  • DDoS (attack_type)
  • India (country)
  • Ukraine (country)
  • Vietnam (country)
  • Masjesu (malware)
  • Masjesu Botnet (malware)
  • XorBot (malware)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed