RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit
Essential information
- Published
- 31/05/2024 13:41
- Modified
- 31/05/2024 14:03
- Tags
- 2024-05-31 cryptominer ssl-vpns
- Related entities
- 3 vulnerabilities (cve), 10 observables, 3 techniques (mitre), 2 malware
Description
Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability into their toolkit. The malware spreads by using at least six different web exploits, targeting Internet of Things (IoT) devices (such as TP-Link routers), web applications (including the China-origin content management system ThinkPHP), SSL-VPNs, and security devices like Ivanti Connect Secure and Palo Alto GlobalProtect.