Fake Palo Alto GlobalProtect used as lure to backdoor enterprises

August 29, 2024 at 02:30PM Middle Eastern organizations are being targeted by threat actors using malware disguised as the legitimate Palo Alto GlobalProtect Tool. This malware can steal data and execute remote PowerShell commands to infiltrate internal networks. Based on the meeting notes, the main takeaway is that threat actors are targeting Middle Eastern organizations …

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

August 29, 2024 at 05:07AM Summary: Threat actors are targeting users in the Middle East with sophisticated malware, posing as the Palo Alto GlobalProtect Tool. The malware utilizes a two-stage infection process and advanced evasion techniques, including masquerading as a legitimate VPN portal. Its capabilities include remote PowerShell commands, file exfiltration, and sandbox evasion. Recommendations …