New Mirai, Gafgyt IoT botnet variants target systems with Apache Struts, SonicWall vulnerability exploits

New variants of IoT botnets Mirai and Gafgyt are increasingly targeting enterprise devices with outdated versions and unpatched vulnerabilities.

According to Palo Alto’s Unit 42 research team, the new Mirai version now targets the same Apache Struts vulnerability linked to the Equifax data breach in 2017.

The new Gafgyt variant targets a newly disclosed vulnerability that impacts older, unsupported versions of SonicWall’s Global Management System (GMS).

On September 7, 2018, Unit 42 found new samples of the Mirai botnet variant that now targets 16 separate vulnerabilities.

One of them is the first known instance of Mirai targeting a Apache Struts vulnerability. The recent exploit targets arbitrary command execution vulnerability in Struts (CVE-2017-5638). 

Gafgyt now includes an exploit against a SonicWall vulnerability (CVE-2018-9866), which impacts older versions of SonicWall’s GMS product. 

According to the Unit 42 report, this new exploit threat of IoT botnets botnettargeting Apache Struts and SonicWall could be a warning of larger movement from consumer devices to enterprise targets. 

Leave a Reply