New Mirai and Gafgyt Botnet Variants Target Apache Struts and SonicWall GMS

Researchers at Palo Alto Network’s Unit 42 have identified new variants of the Mirai and Gafgyt internet-of-things (IoT) botnets. The newest Mirai botnet is targeting the same Apache Struts vulnerability, CVE-2017-5638, exploited in the 2017 Equifax breach, while the new Gafgyt botnet is targeting a recently disclosed vulnerability, CVE-2018-9866, in older, unsupported versions of the SonicWall Global Management System (GMS). These botnet variants have been used in major distributed denial-of-service (DDoS) attacks since at least September 2016. The NJCCIC recommends administrators of Apache Struts and SonicWall GMS, as well as IoT devices, review the Unit 42 report and ensure the aforementioned products are kept up-to-date with the latest patch levels.