Experts warn of Palo Alto firewall exploitation after 2,000 compromises spotted

  • APT
  • November 22, 2024
| Category | Details |
| --- | --- |
| Threat Actors | Unidentified hackers exploiting Palo Alto Networks firewall vulnerabilities. |
| Campaign Overview | Thousands of Palo Alto Networks firewalls globally compromised, with ~2,000 confirmed breaches. |
| Target Regions (Victims) | Affected regions include the U.S., India, and other global locations. |
| Methodology | Exploited vulnerabilities CVE-2024-0012 and CVE-2024-9474 to gain access via NGFW management interfaces. |
| Product Targeted | Palo Alto Networks Next-Generation Firewalls (NGFW). |
| Malware Reference | Malware was reportedly dropped into some affected systems. |
| Tools Used | Publicly available exploit chaining CVE-2024-0012 and CVE-2024-9474. |
| Vulnerabilities Exploited | CVE-2024-0012 and CVE-2024-9474. |
| TTPs | Exfiltration of configuration files with credentials; attempts to steal OS passwords; malicious use of NGFW web interface. |
| Attribution | Investigations by Palo Alto Unit42, Arctic Wolf, and CISA are ongoing; no specific actor named. |
| Recommendations | Patch immediately; restrict access to NGFW interfaces to internal IPs; review configurations for malicious changes; check audit logs for unauthorized admin activity; ensure systems are malware-free after patching. |
| Source | The Record |

Read full article: https://therecord.media/palo-alto-networks-firewall-vulnerabilities-exploited-patched

Disclaimer: The above summary has been generated by an AI language model
