Masjesu Botnet Aims to Extort Smart Factory Floors

Key Takeaways

  • The Masjesu botnet targets unpatched industrial IoT devices, leading to significant operational risks and extortion.
  • This botnet executes stealthy DDoS attacks, overwhelming smart factories and causing potential downtime.
  • Vulnerable IoT devices become hostile nodes, disrupting data streams crucial for automated operations.

Exploiting Vulnerabilities in Smart Factories

Unpatched industrial IoT devices are increasingly vulnerable to cyberattacks, placing smart manufacturing facilities at risk of commercial extortion and severe operational downtime. The integration of millions of connected sensors, actuators, and cameras within these facilities forms a vast and often poorly secured attack surface.

Researchers at Trellix are monitoring the Masjesu botnet, operational since early 2023 and projected to continue through 2026. Unlike traditional malware, which typically spreads aggressively across desktop and server environments, Masjesu is designed for stealth and longevity, specifically targeting embedded IoT systems. It scans for various processor architectures common in smart meters, warehouse robotics, and surveillance equipment.

The botnet operates as a DDoS-for-hire service, accessible via Telegram. Its operators rent out the compromised network to clients, enabling them to unleash massive network floods that can reach hundreds of gigabits per second. For industrial facilities reliant on continuous IoT data streams, this translates to damaging downtime.

As legacy systems are bridged with more modern IIoT platforms, the lack of native security monitoring in edge devices becomes problematic. Plant managers often avoid firmware updates on peripheral devices for fear of disrupting fragile production processes, a hesitation that cybercriminals exploit. Masjesu actively hunts unpatched IoT gateways by probing random IP addresses to find vulnerabilities.

An attack from Masjesu disrupts essential functions in manufacturing and logistics by overwhelming networks with traffic. An example occurred in October 2025, when the botnet initiated an ACK flood attack, reaching approximately 290 gigabits per second. This kind of assault severely impacts the data flow needed for automated production lines, risking both equipment safety and supply chain continuity.
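An added example, not code from the article or from Trellix: a defender-side check over constructed flow records that flags one-second bins showing the ACK-flood pattern described above (a high packet rate, almost all packets carrying only the ACK flag, and many distinct, typically spoofed, sources). The record fields and the thresholds are assumptions to be tuned per site.

```python
from collections import defaultdict

# Constructed sample flow records (not from the article): one record per
# (source, destination, TCP flag set) in a one-second bin. "A" means the ACK
# flag alone was set, the signature of an ACK flood; "PA" and "S" are ordinary
# data and handshake segments.
SAMPLE_FLOWS = [
    {"ts": 100, "src": "10.0.1.%d" % i, "dst": "10.0.5.20", "flags": "PA", "pkts": 40}
    for i in range(1, 6)
] + [
    {"ts": 100, "src": "10.0.1.7", "dst": "10.0.5.20", "flags": "S", "pkts": 3},
    # A single source sending ACK-only segments (e.g. a bulk transfer receiver)
    # should not be flagged: rate is low and there is only one source.
    {"ts": 100, "src": "10.0.1.8", "dst": "10.0.5.21", "flags": "A", "pkts": 500},
] + [
    # Many spoofed sources, ACK only, aimed at an assumed PLC gateway address.
    {"ts": 100, "src": "198.51.100.%d" % i, "dst": "10.0.5.20", "flags": "A", "pkts": 300}
    for i in range(1, 201)
]


def ack_flood_candidates(flows, min_pps=20000, min_ack_only_ratio=0.9, min_sources=50):
    """Return destinations whose one-second bins look like an ACK flood.

    A bin is flagged when it exceeds min_pps, when at least min_ack_only_ratio
    of its packets carry only the ACK flag, and when those packets come from
    at least min_sources distinct addresses (a sign of source spoofing).
    """
    bins = defaultdict(lambda: {"pkts": 0, "ack_only": 0, "srcs": set()})
    for f in flows:
        b = bins[(f["dst"], f["ts"])]
        b["pkts"] += f["pkts"]
        b["srcs"].add(f["src"])
        if f["flags"] == "A":
            b["ack_only"] += f["pkts"]
    hits = []
    for (dst, ts), b in sorted(bins.items()):
        ratio = b["ack_only"] / b["pkts"]
        if b["pkts"] >= min_pps and ratio >= min_ack_only_ratio and len(b["srcs"]) >= min_sources:
            hits.append({"dst": dst, "ts": ts, "pps": b["pkts"],
                         "ack_only_ratio": round(ratio, 3), "sources": len(b["srcs"])})
    return hits


if __name__ == "__main__":
    for hit in ack_flood_candidates(SAMPLE_FLOWS):
        print(hit)
```

The ratio test keeps the check from firing on ordinary traffic mixes, and the distinct-source test keeps it from firing on a single busy peer.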

The botnet operates on a global scale, with nearly half of its traffic originating from Vietnam. Other contributing countries include Ukraine, Iran, Brazil, Kenya, and India, complicating efforts for traditional firewalls to distinguish between genuine operational traffic and malicious activity. Security teams face the daunting task of maintaining network uptime while wading through vast amounts of spoofed requests.

Masjesu’s malware utilizes XOR-based encryption to conceal command-and-control instructions, allowing it to bypass simple detection tools commonly employed on corporate networks. The initial payload decrypts at runtime, initiating multiple persistence routines to hijack compromised hardware. It runs discreetly on low-resource IoT systems, thereby maintaining control and evading detection.

This malware also disables critical functions, including remote access for operational technology engineers, by terminating secure shell daemons. This hinders remediation attempts and ensures the botnet retains control over the breached devices.

Masjesu exploits known vulnerabilities from several major IoT hardware vendors, targeting common ports utilized by various endpoint services and devices. Once a vulnerability is exploited, the compromised device can initiate contact with a command-and-control server, allowing for the execution of network flood attacks.

The operators of Masjesu have strategically avoided targeting sensitive military and government infrastructure, reducing the risk of a law enforcement response. This calculated approach lets the botnet operate profitably by focusing on private enterprise networks, leaving the operational and financial consequences to facilities burdened with unsecured IoT environments.

The content above is a summary. For more details, see the source article.
