Back to Home

Masjesu Botnet Attacks IoT for DDoS

Masjesu Botnet Targets IoT Devices for DDoS Attacks, Exploiting Vulnerabilities in Routers and Cameras. Analysis of Tactics, Spread, and Protection Measures from Trellix. The Threat is Growing Due to Weak Device Security.

Masjesu: Stealthy Botnet for DDoS on IoT Devices
Advertisement 728x90

Masjesu Botnet Threatens IoT Devices with Potent DDoS Attacks

Security experts have identified a persistent Masjesu botnet targeting IoT hardware. It exploits vulnerabilities in routers and cameras to organize custom DDoS attacks, spreading primarily through Telegram.

Distribution Tactics and Objectives

Masjesu focuses on stealthily capturing Internet of Things devices, avoiding mass campaigns. The botnet scans specific ports, such as 52869, associated with Realtek components, to find vulnerable targets. Once inside, the malware opens port 55988 for command and control, securing itself in the system while blocking competing processes.

Infections cover equipment from manufacturers like D-Link, Huawei, TP-Link, NETGEAR, and others. Over the past year, the arsenal expanded to 12 exploitation methods, including remote code execution. Major traffic sources include Vietnam, Ukraine, Iran, Brazil, Kenya, and India, accounting for up to 50% of activity.

Google AdInline article slot

Vulnerable Devices and Attack Methods

The botnet targets routers, IP cameras, DVRs, and NVRs from various brands. It bypasses blocked IP ranges, including those linked to US defense structures, minimizing detection risks.

  • Supported Architectures: Multiple platforms, including Realtek.
  • Infection Methods: Exploits for RCE and command injection.
  • Attack Targets: CDNs, game servers, corporate networks.
  • Propagation: Autonomous IP and port scanning, Telegram channels.

This strategy ensures long-term infrastructure resilience.

Context of Threat Evolution

The rise of IoT devices amplifies risks: experts estimate their number will exceed 30 billion by 2025. Botnets like Masjesu (formerly known as XorBot) are evolving, offering DDoS services under a SaaS model. Success factors include weak device security: outdated software, open ports, and lack of updates.

Google AdInline article slot

Consequences for the industry are serious. Attacks paralyze services, causing losses in the millions of dollars. During 2023–2024, similar botnets conducted thousands of incidents, highlighting the need for network segmentation and traffic monitoring.

Key Takeaways

  • Masjesu grows through stealth, avoiding sensitive targets to extend the botnet's lifespan.
  • Impacts 10+ IoT brands, focusing on routers and video systems.
  • Primary traffic originates from Asia and Africa, with services delivered via Telegram.
  • Threat to global services: from gaming to business operations.
  • Recommendations: Update firmware, close ports 52869 and 55988.

Consequences and Protection Measures

Impact on the industry manifests as a 40% increase in custom attacks over the year. Companies face downtime, while CDN providers spend resources on mitigation. Government responses are intensifying: IP blocking and international cooperation.

For IoT users:

Google AdInline article slot
  • Regularly update software.
  • Use firewalls for ports.
  • Monitor traffic for anomalies.
  • Avoid devices without update support.

Experts predict further evolution, with AI integration to optimize attacks.

— Editorial Team

Advertisement 728x90

Read Next