State-sponsored hackers use zero-day to backdoor Palo Alto Networks firewalls

April 14, 2024
1 min read

TLDR:

State-sponsored threat actors have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, allowing them to execute arbitrary code with root privileges. The CVE-2024-3400 vulnerability affects PAN-OS versions 10.2, 11.0, and 11.1. The threat actor, known as UTA0218, has been using a Python backdoor called Upstyle to move laterally through victim networks and extract sensitive credentials. Organizations are advised to disable device telemetry, apply mitigation recommendations, and collect logs if compromised.

In a recent cyberattack, a state-sponsored threat actor has been exploiting a zero-day vulnerability in Palo Alto Networks firewalls. The CVE-2024-3400 vulnerability, with a CVSS score of 10/10, allows unauthenticated attackers to execute arbitrary code with root privileges. The threat actor, identified as UTA0218, has been using a Python backdoor called Upstyle to move laterally through victim networks since March 26. Palo Alto Networks is expected to release patches by April 14, and organizations are advised to disable device telemetry, apply mitigation recommendations, and collect logs if compromised.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and