Masjesu Botnet Operators Launch Global DDoS Campaign Targeting Enterprises
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (AP) — A criminal group operating the Masjesu botnet has launched a coordinated series of distributed denial-of-service attacks targeting enterprise networks and Internet of Things devices worldwide, offering the disruption as a for-hire service.
The campaign, which began on April 8, 2026, has generated significant traffic across multiple continents. Network security analysts tracking the activity identified that nearly 50% of the malicious traffic originated from servers and compromised devices located in Vietnam. The attacks are designed to overwhelm target systems with excessive data requests, rendering services inaccessible to legitimate users.
Masjesu operators are marketing the botnet’s capabilities to clients seeking to disrupt competitors or extract ransom payments. The service allows attackers to direct waves of traffic at specific IP addresses, causing outages that can last for hours or days depending on the intensity of the assault. Victims include financial institutions, healthcare providers, and telecommunications firms, though specific targets have not been publicly disclosed.
The botnet relies on a network of compromised IoT devices, including smart cameras, routers, and industrial controllers, to generate the volume of traffic necessary to take down high-capacity servers. Security experts warn that the use of IoT devices makes the attacks particularly difficult to mitigate, as the compromised hardware is often poorly secured and distributed across various jurisdictions.
Vietnam’s Ministry of Information and Communications has acknowledged the surge in malicious traffic originating from within its borders but has not confirmed whether local authorities have identified the operators behind the Masjesu botnet. The government stated it is cooperating with international partners to trace the source of the attacks and disrupt the infrastructure supporting them.
Cybersecurity firms have issued alerts to enterprise clients, recommending immediate updates to firewall rules and the implementation of traffic filtering mechanisms to mitigate the impact of the attacks. Some organizations have reported successful defenses, while others continue to experience intermittent service disruptions.
The Masjesu botnet represents a significant escalation in the sophistication of DDoS-as-a-service operations. Unlike previous campaigns that relied on single vectors, this operation utilizes multiple attack vectors simultaneously, making it harder for defenders to identify and block the malicious traffic.
As of late afternoon on April 8, the attacks were still ongoing, with no indication that the operators had ceased their activities. Law enforcement agencies in several countries have launched investigations into the group, but the decentralized nature of the botnet complicates efforts to dismantle it.
Questions remain regarding the identity of the Masjesu operators and the extent of their financial backing. Additionally, it is unclear whether the group plans to expand its operations to other sectors or regions in the coming weeks. Security experts are monitoring the situation closely, anticipating further developments as the campaign continues.