TLDR:
State-sponsored threat actors have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, allowing them to execute arbitrary code with root privileges. The CVE-2024-3400 vulnerability affects PAN-OS versions 10.2, 11.0, and 11.1. The threat actor, known as UTA0218, has been using a Python backdoor called Upstyle to move laterally through victim networks and extract sensitive credentials. Organizations are advised to disable device telemetry, apply mitigation recommendations, and collect logs if compromised.
In a recent cyberattack, a state-sponsored threat actor has been exploiting a zero-day vulnerability in Palo Alto Networks firewalls. The CVE-2024-3400 vulnerability, with a CVSS score of 10/10, allows unauthenticated attackers to execute arbitrary code with root privileges. The threat actor, identified as UTA0218, has been using a Python backdoor called Upstyle to move laterally through victim networks since March 26. Palo Alto Networks is expected to release patches by April 14, and organizations are advised to disable device telemetry, apply mitigation recommendations, and collect logs if compromised.