Keep your eyes on these

VERY IMPORTANT

Security Articles

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

released on 2024-04-12 @ 07:32:12 PM
This report details the discovery and exploitation of a critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks GlobalProtect firewall appliances, allowing remote code execution. The threat actor, tracked as UTA0218, exploited this flaw to compromise devices, exfiltrate data, and move laterally within victims' networks. The report analyzes the UPSTYLE backdoor used, post-exploitation activities, infrastructure, detection methods, and response recommendations.