Category | Details |
---|---|
Threat Actors | Unidentified hackers exploiting Palo Alto Networks firewall vulnerabilities. |
Campaign Overview | Thousands of Palo Alto Networks firewalls globally compromised, with ~2,000 confirmed breaches. |
Target Regions (Victims) | Affected regions include the U.S., India, and other global locations. |
Methodology | Exploited vulnerabilities CVE-2024-0012 and CVE-2024-9474 to gain access via NGFW management interfaces. |
Product Targeted | Palo Alto Networks Next-Generation Firewalls (NGFW). |
Malware Reference | Malware was reportedly dropped into some affected systems. |
Tools Used | Publicly available exploit chaining CVE-2024-0012 and CVE-2024-9474. |
Vulnerabilities Exploited | CVE-2024-0012 and CVE-2024-9474. |
TTPs | Exfiltration of configuration files with credentials; attempts to steal OS passwords; malicious use of NGFW web interface. |
Attribution | Investigations by Palo Alto Unit42, Arctic Wolf, and CISA are ongoing; no specific actor named. |
Recommendations | Patch immediately; restrict access to NGFW interfaces to internal IPs; review configurations for malicious changes; check audit logs for unauthorized admin activity; ensure systems are malware-free after patching. |
Source | The Record |
Read full article: https://therecord.media/palo-alto-networks-firewall-vulnerabilities-exploited-patched
Disclaimer: The above summary has been generated by an AI language model