Operation MidnightEclipse Exploits Critical PAN-OS Zero-Day Flaw

April 14, 2024
  • A zero-day vulnerability in Palo Alto Networks PAN-OS software, exploited since March 26, 2024, has been uncovered by cybersecurity experts.

  • The flaw, identified as CVE-2024-3400, allows attackers to execute code with root access on the affected firewall through a malicious cron job.

  • Operation MidnightEclipse, the threat actor behind the exploit, employed a Python-based backdoor and manipulated legitimate files for stealth.

  • Targets include domain backup keys, Active Directory credentials, and user workstations; defenders are advised to monitor for lateral movement.

  • The U.S. CISA has required federal agencies to patch the vulnerability by April 19, following its addition to the Known Exploited Vulnerabilities catalog.

  • Palo Alto Networks is slated to release a security fix by April 14 to address the vulnerability.

  • The sophistication of the attack suggests the involvement of a state-sponsored actor, referred to as UTA0218.

Summary based on 1 source

