State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls

State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls

April 12, 2024 at 04:48PM

A zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls has been exploited by threat actor ‘UTA0218’ for over two weeks. The issue permits unauthorized execution of code with root privileges. Palo Alto is expected to release patches by April 14. Organizations are urged to take immediate mitigation steps and be wary of increased exploitation.

Based on the provided meeting notes, the key takeaways are:

– A zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls has been exploited by a threat actor known as UTA0218 for over two weeks.
– This security defect is described as a command injection issue allowing unauthenticated attackers to execute arbitrary code on impacted firewalls with root privileges.
– Palo Alto Networks is aware of limited in-the-wild exploitation and is expected to release patches by April 14.
– Organizations are advised to disable device telemetry on their firewalls and apply other mitigation recommendations detailed by Palo Alto Networks.
– Both Palo Alto Networks and cybersecurity firm Volexity warn of an expected spike in exploitation of the vulnerability over the next few days, by UTA0218 and potentially other threat actors, driven by the imminent availability of patches.

Full Article