Massive Cyber Attack: 2,000+ Palo Alto Firewalls Breached Worldwide

Critical Security Breach Affecting Palo Alto Networks Devices

A significant security incident has emerged affecting Palo Alto Networks devices, with approximately 2,000 systems reportedly compromised. The breach exploits two recently discovered vulnerabilities:

Key Vulnerability Details:
– CVE-2024-0012 (CVSS: 9.3) and CVE-2024-9474 (CVSS: 6.9)
– Allows authentication bypass and privilege escalation
– Enables malicious configuration changes and code execution

Geographic Impact:
– Primary affected regions:
* USA (554 cases)
* India (461 cases)
* Thailand (80 cases)
* Other affected countries include Mexico, Indonesia, Turkey, UK, Peru, and South Africa

Current Situation:
– Operation Lunar Peek identified as the initial exploitation campaign
– Attackers deploying web shells, Sliver malware, and cryptocurrency miners
– Exploitation attempts increased after a proof-of-concept (PoC) exploit was publicly released on November 19, 2024

Mitigation Steps:
1. Apply latest security patches immediately
2. Restrict management interface access to trusted internal IPs
3. Remove external internet access to management interfaces
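Steps 2 and 3 can be verified continuously rather than once: any management-plane login or configuration change whose source address falls outside the trusted internal ranges is a sign that the interface is still reachable from where it should not be. The script below is an added example, not code from the article or from Palo Alto Networks. It assumes a hypothetical, constructed log format of "timestamp src_ip user action" (not the real PAN-OS management log format) and a constructed allow-list of trusted management networks; the sample lines use RFC 5737 documentation addresses (203.0.113.x, 198.51.100.x) to stand in for untrusted public sources.

```python
import ipaddress

# Constructed allow-list of trusted management networks (assumption: replace
# with the internal ranges that are actually permitted in your environment).
TRUSTED_MGMT_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample log lines in a hypothetical "timestamp src_ip user action"
# format. This is NOT the real PAN-OS management log format.
SAMPLE_LOG_LINES = [
    "2024-11-20T10:01:12Z 10.20.30.40 admin login-success",
    "2024-11-20T10:03:45Z 203.0.113.17 admin login-success",
    "2024-11-20T10:04:02Z 198.51.100.9 - login-failure",
    "2024-11-20T10:05:30Z 192.168.1.5 netops config-commit",
    "2024-11-20T10:06:11Z 203.0.113.17 admin config-commit",
    "malformed line that should be skipped",
]

# Actions that change device state are treated as more severe than logins.
HIGH_SEVERITY_ACTIONS = {"config-commit"}


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, user, action = parts
    try:
        ipaddress.ip_address(src)  # validate the source address
    except ValueError:
        return None
    return {"ts": ts, "src": src, "user": user, "action": action}


def is_trusted(src, networks=TRUSTED_MGMT_NETWORKS):
    """True if the source address lies inside one of the trusted networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in networks)


def find_untrusted_access(lines, networks=TRUSTED_MGMT_NETWORKS):
    """Return management-plane events whose source is outside the allow-list.

    Each finding carries a severity: 'high' for state-changing actions,
    'medium' for everything else (including failed logins, which still show
    the interface is reachable from an untrusted network).
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or is_trusted(rec["src"], networks):
            continue
        severity = "high" if rec["action"] in HIGH_SEVERITY_ACTIONS else "medium"
        findings.append({**rec, "severity": severity})
    return findings


def untrusted_sources(findings):
    """Distinct untrusted source addresses, sorted, for follow-up."""
    return sorted({f["src"] for f in findings})


if __name__ == "__main__":
    results = find_untrusted_access(SAMPLE_LOG_LINES)
    for f in results:
        print(f"[{f['severity']:6}] {f['ts']} {f['src']} {f['user']} {f['action']}")
    print("untrusted sources:", ", ".join(untrusted_sources(results)))
```

Run against real management logs, an empty result after the allow-list is in place is the expected state; any hit means the interface is still exposed or the allow-list is incomplete. A successful login or commit from an untrusted source is the case to treat as a potential compromise and investigate, not merely as a configuration gap.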

Important Update:
Palo Alto Networks clarified that actual infections are lower than reported, with less than 0.5% of their firewalls having internet-exposed interfaces. The company is actively working with affected customers to resolve the situation.

This security incident emphasizes the importance of following security best practices and maintaining current patch levels for network security devices.