RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit

Published 31/05/2024 13:41 · Modified 31/05/2024 14:03

Essential information

Tags
2024-05-31 cryptominer ssl-vpns
Related entities
3 vulnerabilities (cve), 10 observables, 3 techniques (mitre), 2 malware

Description

Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability into their toolkit. The malware spreads by using at least six different web exploits, targeting Internet of Things (IoT) devices (such as TP-Link routers), web applications (including the China-origin content management system ThinkPHP), and security devices like Ivanti Connect Secure and Palo Alto GlobalProtect.

External references