
Palo Alto Firewalls Backdoored by Hackers

December 31, 2024
in Alerts

A suspected Chinese espionage group, tracked as UNC5325, has exploited vulnerabilities in Palo Alto Networks firewalls to deploy a variant of its custom backdoor, Littlelamb.Wooltea. The campaign began in November 2024, shortly after Palo Alto Networks disclosed two flaws in the PAN-OS management web interface: CVE-2024-0012, a critical authentication bypass, and CVE-2024-9474, a medium-severity privilege escalation that lets an authenticated administrator run commands as root. Chained together, the two give an unauthenticated attacker who can reach the management interface root access on the device, which is what makes them such a valuable entry point for cyberespionage against network edge equipment. Researchers at Northwave found that the attackers downloaded a malicious file named bwmupdate onto compromised firewalls and passed it off as the legitimate logd component to evade detection.

The backdoor's capabilities include reading and writing files, establishing network tunnels, and setting up SOCKS5 proxies, which let the operator route multiple connections through the compromised firewall into the networks it protects. It also provides shell access and can relay traffic across multiple nodes, so losing any single hop does not cost the attackers their foothold, and it tracks dropped connections so that control over compromised systems can be re-established. Darktrace separately reported that the attackers deployed additional payloads that fetched content from external servers, which suggests a strategy extending well beyond initial access.
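A SOCKS5 proxy on a firewall is visible on the wire even when the implant itself is not: whoever uses the proxy has to speak the RFC 1928 handshake to it. The following is an added example, not code from the article, from Northwave or Darktrace, and not the backdoor's own protocol. It parses the SOCKS5 client greeting and request and raises an alert whenever either end of the handshake is a management-plane address. It tries both directions of each flow because an implant that dials out to its operator and then serves SOCKS5 over that connection (a reverse tunnel) is the SOCKS server on a TCP session it initiated. The sample flows and the management network list are constructed for the demonstration.

```python
"""Spot SOCKS5 handshakes in captured traffic to or from firewall management addresses.

Added example: parses the SOCKS5 client greeting and request (RFC 1928) and flags
flows that touch a management-plane network. Sample flows are constructed.
"""
import ipaddress
import socket
import struct
from typing import Optional

SOCKS5 = 0x05
CMDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_greeting(data: bytes) -> Optional[int]:
    """Length of a client greeting (VER NMETHODS METHODS...) at the start of data, else None."""
    if len(data) < 2 or data[0] != SOCKS5:
        return None
    nmethods = data[1]
    if nmethods == 0 or len(data) < 2 + nmethods:
        return None
    return 2 + nmethods


def parse_request(data: bytes) -> Optional[dict]:
    """Parse VER CMD RSV ATYP DST.ADDR DST.PORT into {cmd, host, port}, else None."""
    if len(data) < 4 or data[0] != SOCKS5 or data[2] != 0x00 or data[1] not in CMDS:
        return None
    atyp, off = data[3], 4
    if atyp == ATYP_IPV4 and len(data) >= off + 4:
        host = socket.inet_ntop(socket.AF_INET, data[off:off + 4]); off += 4
    elif atyp == ATYP_DOMAIN and len(data) >= off + 1 and len(data) >= off + 1 + data[off]:
        n = data[off]
        host = data[off + 1:off + 1 + n].decode("ascii", "replace"); off += 1 + n
    elif atyp == ATYP_IPV6 and len(data) >= off + 16:
        host = socket.inet_ntop(socket.AF_INET6, data[off:off + 16]); off += 16
    else:
        return None
    if len(data) < off + 2:
        return None
    return {"cmd": CMDS[data[1]], "host": host, "port": struct.unpack("!H", data[off:off + 2])[0]}


def parse_client_stream(data: bytes) -> Optional[dict]:
    """Reassembled client-to-server bytes: greeting, then (after the server's method reply)
    the request. Only the no-authentication path is followed; a username/password
    sub-negotiation (method 0x02) would sit between the two and is not parsed here."""
    glen = parse_greeting(data)
    if glen is None:
        return None
    req = parse_request(data[glen:])
    if req is None:
        return None
    req["no_auth_offered"] = 0x00 in data[2:glen]
    return req


def flag_flows(flows, management_nets) -> list:
    """flows: (initiator_ip, responder_ip, initiator_to_responder_bytes, responder_to_initiator_bytes).
    Both directions are tried so a reverse tunnel (SOCKS server == TCP initiator) is caught."""
    nets = [ipaddress.ip_network(n) for n in management_nets]
    alerts = []
    for initiator, responder, fwd, rev in flows:
        for client, server, payload in ((initiator, responder, fwd), (responder, initiator, rev)):
            req = parse_client_stream(payload)
            if req is None:
                continue
            ips = (ipaddress.ip_address(client), ipaddress.ip_address(server))
            touches_mgmt = any(ip in n for ip in ips for n in nets)
            alerts.append({
                "severity": "high" if touches_mgmt else "info",
                "socks_client": client, "socks_server": server,
                "reverse_tunnel": server == initiator,
                "cmd": req["cmd"], "target": f"{req['host']}:{req['port']}",
                "no_auth_offered": req["no_auth_offered"],
            })
            break
    return alerts


MGMT_NETS = ["10.10.0.0/24"]  # constructed: where the firewalls' management interfaces live

SAMPLE_FLOWS = [  # constructed captures
    # 1. Firewall 10.10.0.1 dialled out to 203.0.113.50:8443; the peer then speaks SOCKS5 *to* the
    #    firewall and asks it to CONNECT to an internal SMB host: a reverse tunnel into the network.
    ("10.10.0.1", "203.0.113.50",
     b"\x05\x00" + b"\x05\x00\x00\x01" + bytes(4) + bytes(2),
     b"\x05\x02\x00\x02" + b"\x05\x01\x00\x01" + bytes([172, 16, 20, 5]) + struct.pack("!H", 445)),
    # 2. Workstation using the corporate proxy: ordinary forward SOCKS5 CONNECT by domain name.
    ("192.168.5.20", "192.168.1.10",
     b"\x05\x01\x00" + b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 443),
     b"\x05\x00" + b"\x05\x00\x00\x01" + bytes(4) + bytes(2)),
    # 3. TLS ClientHello / ServerHello fragments: not SOCKS5, must not alert.
    ("192.168.5.21", "203.0.113.80",
     b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03", b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56"),
]

if __name__ == "__main__":
    for alert in flag_flows(SAMPLE_FLOWS, MGMT_NETS):
        print(alert)
```

In practice the payloads come from reassembled TCP streams (a Zeek or Suricata flow record, or a pcap split per direction); the point of the direction check is that an outbound connection from the firewall that carries an inbound SOCKS5 greeting is the signature of the pivot described above, and ordinary egress filtering that only looks at who opened the connection will not see it.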

Palo Alto Networks has released PAN-OS patches for CVE-2024-0012 and CVE-2024-9474 and urged administrators to restrict access to the management web interface to trusted internal IP addresses; a management interface reachable from the internet is the precondition for the unauthenticated exploit chain. Although the vendor said only a “small number of devices” were affected, researchers estimate that the number of compromised systems could run into the thousands. Patching does not remove an implant that was installed before the update, so any device whose management interface was reachable from untrusted networks during the exploitation window should be examined for signs of compromise rather than simply upgraded. The exploitation highlights the continuing pressure on network edge devices, which advanced persistent threat (APT) groups favour because of their position at the perimeter and the trust placed in them.
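The two questions that decide how urgently a given firewall needs attention are whether its PAN-OS build predates the fix for its release train and whether its management interface accepts connections from anywhere. The following is an added example, not code from the article or from Palo Alto Networks, that triages a constructed inventory on those two axes. It parses PAN-OS version strings with their hotfix suffix (e.g. 11.1.4-h7), compares them within the release train, and treats an empty permitted-IP allow-list or a /0 entry as open to any source. The FIXED_BUILDS table is transcribed from memory of the vendor advisory and is an assumption to be verified against the current advisory before use.

```python
"""Triage PAN-OS firewalls for the CVE-2024-0012 / CVE-2024-9474 exposure.

Added example, not vendor code. Two checks: is the running build older than the fixed
build for its release train, and is the management interface reachable from any source.
The inventory is constructed; FIXED_BUILDS is an assumption to verify against the advisory.
"""
import ipaddress
import re
from typing import Optional

# Assumed fixed builds for the CVE-2024-0012 + CVE-2024-9474 chain, keyed by release train
# (major, minor). Verify against the current Palo Alto Networks advisory before relying on them.
FIXED_BUILDS = {
    (10, 2): "10.2.12-h2",
    (11, 0): "11.0.6-h1",
    (11, 1): "11.1.5-h1",
    (11, 2): "11.2.4-h1",
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(v: str) -> tuple:
    """'11.1.4-h7' -> (11, 1, 4, 7); a build with no hotfix suffix gets hotfix 0.
    Other suffixes (customer-specific '-c' builds, for instance) are rejected rather than guessed."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {v!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_vulnerable(version: str, fixed=FIXED_BUILDS) -> Optional[bool]:
    """True if older than the fixed build for its train, False if at or after it,
    None if the train is not in the table and needs a manual look."""
    parsed = parse_panos_version(version)
    fixed_str = fixed.get(parsed[:2])
    if fixed_str is None:
        return None
    return parsed < parse_panos_version(fixed_str)


def management_exposure(mgmt_ip: str, permitted_ips: list) -> tuple:
    """(open_to_any, routable): an empty allow-list or a /0 entry means any source may reach
    the management interface; an address outside RFC 1918 space is treated as routable."""
    nets = [ipaddress.ip_network(p, strict=False) for p in permitted_ips]
    open_to_any = not nets or any(n.prefixlen == 0 for n in nets)
    ip = ipaddress.ip_address(mgmt_ip)
    routable = not any(ip in n for n in RFC1918)
    return open_to_any, routable


def triage(devices: list) -> dict:
    """Map device name -> (priority, reason)."""
    out = {}
    for d in devices:
        vuln = is_vulnerable(d["version"])
        open_any, routable = management_exposure(d["mgmt_ip"], d.get("permitted_ips", []))
        if vuln is None:
            out[d["name"]] = ("review", f"release train of {d['version']} not in fixed-build table")
        elif vuln and open_any and routable:
            out[d["name"]] = ("critical", "unpatched; management interface open to any source on a routable address")
        elif vuln and open_any:
            out[d["name"]] = ("high", "unpatched; management interface open to any internal source")
        elif vuln:
            out[d["name"]] = ("medium", "unpatched, but management access is restricted to an allow-list")
        elif open_any:
            out[d["name"]] = ("low", "patched, but management interface still accepts any source; add permitted-ip entries")
        else:
            out[d["name"]] = ("ok", "patched and restricted")
    return out


# Constructed inventory for the demonstration.
SAMPLE_DEVICES = [
    {"name": "fw-edge-01", "version": "11.1.4-h7", "mgmt_ip": "198.51.100.7", "permitted_ips": []},
    {"name": "fw-dc-02", "version": "10.2.11", "mgmt_ip": "10.20.0.5", "permitted_ips": ["10.20.0.0/24"]},
    {"name": "fw-branch-03", "version": "11.2.4-h1", "mgmt_ip": "10.30.0.5", "permitted_ips": ["0.0.0.0/0"]},
    {"name": "fw-lab-04", "version": "11.2.5", "mgmt_ip": "10.40.0.5", "permitted_ips": ["10.40.0.10"]},
    {"name": "fw-old-05", "version": "9.1.16", "mgmt_ip": "10.50.0.5", "permitted_ips": ["10.50.0.0/24"]},
]

if __name__ == "__main__":
    for name, (priority, reason) in triage(SAMPLE_DEVICES).items():
        print(f"{name}: {priority} - {reason}")
```

The allow-list corresponds to the Permitted IP Addresses setting on the PAN-OS management interface. The script is a version-string comparison, not a compromise assessment: a device that comes back "medium" or "low" was still exposed to some population of sources before it was patched, and the "critical" and "high" cases should be treated as possibly compromised until examined.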

UNC5325’s tactics align with those seen in other China-linked campaigns, such as the ones attributed to UNC3886 and UNC4841, which likewise concentrate on exploiting vulnerabilities in edge devices. These incidents underline the need for timely patch management, network segmentation, and continuous monitoring of critical systems; widely deployed infrastructure such as Palo Alto firewalls will remain a priority target, so closing these vulnerabilities promptly is essential to preventing further breaches.

Reference:

  • Hackers Exploit Palo Alto Firewall Vulnerabilities to Deploy Malware Backdoor