Palo Alto Networks reports the discovery of a hacking group targeting PAN-OS through a previously unknown vulnerability in GlobalProtect, in a campaign termed Operation MidnightEclipse. The company is developing a patch, scheduled for release on April 14th, to address the issue. It is believed that only a single group of malicious actors is aware of this vulnerability, and the risk can be mitigated by disabling the device telemetry feature until the patch is available. The Palo Alto Networks report includes the IP addresses used by the attackers and the list of files downloaded during the successful breach. Organizations concerned about being targeted can query their system logs for verification.
Source: Palo Alto Networks
Image: the PAN-OS Device Telemetry interface.
TLDR: Palo Alto Networks discovered a hacking group exploiting a vulnerability in GlobalProtect, with a patch in development to address the issue. Risk can be reduced by disabling device telemetry until the patch is released.