Threat actors have alleged a breach of Huawei’s internal code repositories, claiming to have exfiltrated proprietary source code (including network management software, base station firmware, and security libraries) and development tools. The leaked materials, if verified, expose Huawei’s software architecture, encryption routines, authentication workflows, and potential vulnerabilities, enabling tailored exploits against its global telecommunications infrastructure. The incident heightens geopolitical and national security concerns, particularly for 5G deployments and government networks, as competitors or APT groups could reverse-engineer the code for latent vulnerabilities or sophisticated attacks. While Huawei has not confirmed the breach, the disclosure alone risks eroding trust in its products, potentially leading to delayed approvals, contract revocations, or increased scrutiny from intelligence agencies. Customers are advised to enhance monitoring, patch management, and access controls to mitigate risks from potential zero-day exploits derived from the leak.

Masjesu Botnet: A Stealthy DDoS-for-Hire Threat Expands Its Reach Cybersecurity researchers have uncovered Masjesu, a sophisticated botnet operating as a DDoS-for-hire service since 2023. Marketed via Telegram under the alias XorBot, the malware targets IoT devices including routers, cameras, and gateways across multiple architectures, employing XOR-based encryption to evade detection. First documented by Chinese security firm NSFOCUS in December 2023 and linked to an operator known as synmaestro, Masjesu has since evolved. A 2024 update introduced 12 new exploits targeting devices from D-Link, Huawei, NETGEAR, TP-Link, and others, alongside enhanced DDoS flood modules. Researchers note its rapid growth, with attackers increasingly leveraging Telegram for recruitment and promotion. Trellix’s recent analysis reveals Masjesu’s focus on volumetric DDoS attacks, particularly against CDNs, game servers, and enterprises. The botnet’s infrastructure is heavily concentrated in Vietnam (nearly 50% of observed traffic), with additional activity in Ukraine, Iran, Brazil, Kenya, and India. Once deployed, the malware establishes persistence, disables competing processes, and connects to command servers to execute attacks. Masjesu also self-propagates by scanning for vulnerable devices, including Realtek routers via port 52869 a tactic previously used by botnets like JenX and Satori. Notably, the botnet avoids high-profile targets like the U.S. Department of Defense to minimize legal scrutiny, prioritizing long-term survival over mass infection. As IoT exploitation expands, Masjesu’s low-visibility approach and social media-driven recruitment underscore its adaptability as a persistent cyber threat.