Gafgyt Malware Attack
Gafgyt Malware Attack

In a world where cyber threats are a constant challenge, the Gafgyt botnet malware stands out. This malware has found a weakness in a critical flaw of the end-of-life Zyxel P660HN-T1A router. It’s a serious threat that requires immediate attention.

The Gafgyt Malware in Detail

The vulnerability, labeled as CVE-2017-18368, is a severe one. It involves a 9.8-rated unauthenticated command injection flaw. It affects the Remote System Log forwarding function of the device. Zyxel patched it in 2017. But the malware continues to target it.

Zyxel warned about a new Gafgyt variant in 2019. They asked users with outdated firmware to upgrade. The upgrade would protect the devices from takeover.

Fortinet’s Warning and Continuous Gafgyt Malware Attacks

Fortinet has now issued an alert. The malware is trying to exploit the flaw. It launches thousands of daily attacks.

Since July 2023, the average number of attacks per day is 7,100. Fortinet’s alert, released today, confirms that the attacks continue. They’ve blocked thousands of unique IPS devices over the last month.

Unclear Results and Steady Volume of Gafgyt Malware Attacks

The exact number of successful infections is not clear. But the activity has remained consistent since July. CISA warned about the active exploitation of the flaw as well. They added it to their catalog of known exploited vulnerabilities.

Federal agencies must now patch the Zyxel vulnerability by August 28th, 2023.

Zyxel’s Response and Recommendation Against Gafgyt Malware

Zyxel has updated its security advisory. They have reminded users that only older firmware versions are impacted. Those running the latest version from 2017 are safe.

The vendor points out that the device has reached its end-of-life. They no longer support it. They strongly recommend switching to a newer model.

Recognizing and Responding to Botnet Infections

Botnet infections can cause various issues. These include unstable connectivity and device overheating. Other signs are sudden configuration changes and unexpected reboots.

If you suspect a compromise, take action. Perform a factory reset. Update the firmware to the latest version. Change the default admin user credentials.

It’s wise to disable the remote administration panel. Manage devices from your internal network only.


The Gafgyt malware exploiting the Zyxel router flaw is a stark reminder. Cybersecurity requires constant vigilance. It’s crucial to stay updated on firmware and recognize the signs of infection.

The fight against this particular malware continues. Users must take the recommended actions seriously. Upgrading to a supported device model is the best course of action.

The situation underscores the importance of proactive cybersecurity. Staying one step ahead of potential threats is the only way to ensure optimal protection.