Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign


A widespread campaign has compromised approximately 2,000 Palo Alto Networks devices by exploiting two critical security vulnerabilities, CVE-2024-0012 (CVSS 9.3) and CVE-2024-9474 (CVSS 6.9). These flaws allow authentication bypass and privilege escalation, enabling threat actors to execute commands, alter configurations, and install PHP-based web shells on targeted firewalls. The campaign, tracked as Operation Lunar Peek, primarily affects the U.S. and India but includes other global regions.

T-Mobile has confirmed being targeted by the Chinese threat group Salt Typhoon (also known as Earth Estries), part of a broader cyber-espionage campaign against U.S. telecom firms, including AT&T and Verizon. The campaign, active since 2020, aims to harvest cellular data from high-value targets and exploit vulnerabilities in telecommunications infrastructure, such as Microsoft Exchange and QConvergeConsole, using advanced tools like Cobalt Strike, TrillClient, and custom backdoors. Attack techniques include credential theft, lateral movement, and data exfiltration via anonymized services, with persistence ensured through scheduled tasks and periodic tool updates. Despite no significant customer data impact reported by T-Mobile, the U.S. government warns of widespread compromises affecting government and political actors, highlighting the threat's strategic sophistication and adaptability.
