| Aspect | Details |
|---|---|
| Threat Actors | Unknown cybercriminals exploiting CVE-2024-0012 and CVE-2024-9474 vulnerabilities. |
| Campaign Overview | Exploitation of vulnerabilities in Palo Alto Networks firewalls to deploy malicious payloads, including Sliver C2 and coinminers. |
| Target Regions (or Victims) | Various industries affected globally. |
| Methodology | Exploited vulnerabilities, downloaded malicious payloads over HTTP, and collected sensitive data. |
| Product Targeted | Palo Alto Networks firewall devices running PAN-OS software. |
| Malware Reference | Sliver C2 framework, XMRig coinminer. |
| Tools Used | wget, curl, tar, cat, touch, PHP webshells. |
| Vulnerabilities Exploited | CVE-2024-0012 (admin access) and CVE-2024-9474 (privilege escalation) in PAN-OS. |
| TTPs | Initial Access (T1190), Privilege Escalation (T1068), Credential Access (T1003.008), Defense Evasion (T1027, T1070). |
| Attribution | Not yet attributed to specific threat actor groups. |
| Recommendations | Monitor firewall logs for unusual username activity. |
| Source | Hendryadrian |
Read full article: https://www.hendryadrian.com/arctic-wolf-observes-threat-campaign-targeting-palo-alto-networks-firewall-devices-arctic-wolf/
Disclaimer: The above summary has been generated by an AI language model