Threat Campaign Targeting Palo Alto Networks Firewall Devices Observed
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Arctic Wolf has identified multiple intrusions across various industries involving Palo Alto Networks firewall devices. The attacks likely exploit the recently disclosed PAN-OS vulnerabilities CVE-2024-0012 and CVE-2024-9474 for initial access. Affected devices downloaded payloads including the Sliver C2 framework and coinminer binaries. Threat actors injected malicious commands into firewall login attempts, deployed PHP webshells, exfiltrated sensitive configuration files and credentials, and in some cases installed XMRig cryptocurrency miners. The campaign demonstrates rapid exploitation of newly disclosed vulnerabilities in perimeter devices. Defenders are advised to implement robust external monitoring, restrict management interfaces, and patch vulnerable systems promptly.
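The summary notes that the actors injected commands into firewall login attempts and that defenders should monitor management interfaces closely. The script below is an added illustration of that monitoring point, not code from the report or from Arctic Wolf: it parses a handful of constructed management-interface authentication events (the key=value layout is an assumption, not PAN-OS's real log format) and flags usernames carrying shell syntax that no legitimate login would contain, plus sources generating a burst of failed logins.

```python
import re
from collections import Counter

# Constructed sample events (not taken from the report). The key=value layout is
# an assumption; adapt parse_event() to the actual export format of your device.
SAMPLE_AUTH_EVENTS = [
    'ts=2024-11-19T10:01:02Z event=auth user="admin" src=203.0.113.5 result=failure',
    'ts=2024-11-19T10:01:03Z event=auth user="admin" src=203.0.113.5 result=failure',
    'ts=2024-11-19T10:01:04Z event=auth user="admin;id" src=203.0.113.5 result=failure',
    'ts=2024-11-19T10:01:05Z event=auth user="$(whoami)" src=203.0.113.5 result=failure',
    'ts=2024-11-19T10:02:00Z event=auth user="ops-jane" src=198.51.100.7 result=success',
]

# Shell metacharacters and command-substitution syntax that have no place in a username.
INJECTION_MARKERS = re.compile(r'[;|&`]|\$\(|\$\{|\n')

# key=value or key="quoted value" tokens
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line):
    """Split one log line into a dict of fields; quoted values lose their quotes."""
    fields = {}
    for m in KV_RE.finditer(line):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(2)
        fields[key] = value
    return fields


def find_injection_attempts(lines):
    """Return (user, src) for every auth event whose username carries injection syntax."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") != "auth":
            continue
        user = ev.get("user", "")
        if INJECTION_MARKERS.search(user):
            hits.append((user, ev.get("src")))
    return hits


def failed_login_burst(lines, threshold=3):
    """Sources with at least `threshold` failed auth events: a probing/brute-force signal."""
    counts = Counter(
        ev["src"]
        for ev in map(parse_event, lines)
        if ev.get("event") == "auth" and ev.get("result") == "failure" and "src" in ev
    )
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for user, src in find_injection_attempts(SAMPLE_AUTH_EVENTS):
        print(f"ALERT injection-like username {user!r} from {src}")
    for src, n in failed_login_burst(SAMPLE_AUTH_EVENTS).items():
        print(f"ALERT {n} failed management logins from {src}")
```

Both checks are deliberately cheap so they can run continuously over an external log feed; the username check catches the injection pattern the report describes regardless of which command is embedded, and the burst check surfaces the probing that typically precedes it.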
OPENCTI LABELS:
data exfiltration, xmrig, vulnerability exploitation, webshells, cve-2024-9474, cve-2024-0012, sliver c2, palo alto networks