Threat actors have exploited a vulnerability in PAN-OS, the firewall software from Palo Alto Networks, to gain access to customer firewalls.
Multinational cybersecurity company Palo Alto Networks has disclosed a zero-day vulnerability in PAN-OS that it rates as critical in severity. A zero-day vulnerability is one that attackers discover and exploit before a patch is available, so affected organizations have no fix to apply at the time the attacks begin. Cybersecurity firm Volexity was the first to identify in-the-wild exploitation of the flaw in the California-based company's products.
An investigation showed that the threat actor, tracked as UTA0218 by the researchers, exploited a vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS. Volexity received alerts about suspicious network traffic originating from a customer's firewall, and further investigation determined that the device had been compromised.
The malicious actor managed to exploit the firewall device remotely, establishing a reverse shell and installing additional tools. Their primary objective was to extract configuration data from devices and use it to infiltrate other areas within the victim organizations.
During its investigation, Volexity observed that UTA0218 attempted to install a custom Python backdoor on the firewall. The backdoor lets the attacker execute further commands on the device by sending specially crafted network requests to it.
The attack was first detected on April 10th. A similar exploitation by the same threat actor was also observed on April 11th. As Volexity expanded its investigation, it found similar instances of successful exploitation at numerous other customers and organizations, with incidents dating back to March 26th, 2024.
On April 15th, Palo Alto Networks wrote that PAN-OS patches are available and that more fixes are "on the way." The company also said it had clarified the workarounds and mitigations that apply when Panorama templates are in use. Panorama is a centralized management system used to configure and manage multiple Palo Alto Networks firewalls from a single interface.