
Palo Alto Firewalls Backdoored by Hackers

December 31, 2024

A suspected Chinese hacking group, identified as UNC5325, has exploited vulnerabilities in Palo Alto Networks firewalls to deploy a custom malware backdoor variant named Littlelamb.Wooltea. This campaign began in November 2024, shortly after Palo Alto disclosed a medium-severity privilege escalation vulnerability (CVE-2024-9474) in its PAN-OS software. The flaw allows attackers to execute actions with root privileges, making it a valuable entry point for cyberespionage operations. Researchers from Northwave discovered that the attackers downloaded a malicious file, bwmupdate, which disguised itself as a legitimate logd file to evade detection.

The malware backdoor installed by UNC5325 comes with advanced capabilities, including reading and writing files, establishing network tunnels, and setting up SOCKS5 proxies to manage multiple outgoing connections. Additionally, it facilitates shell access and uses multiple nodes to handle network communication, ensuring resilience and persistence. The malware also employs sophisticated techniques to track lost connections and maintain control across compromised systems. Security firm Darktrace further revealed that attackers deployed additional payloads to retrieve content from external servers, suggesting a broader strategy beyond initial access.

Palo Alto Networks addressed CVE-2024-9474 and a related vulnerability, CVE-2024-0012, with patches and urged administrators to restrict access to their web management portals to trusted IP addresses only. Despite Palo Alto’s assurances that only a “small number of devices” were impacted, researchers estimate the number of affected systems could be in the thousands. The exploitation highlights ongoing threats to network edge devices, which are often prime targets for advanced persistent threat (APT) groups due to their critical role in securing organizational infrastructure.
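The vendor advice above, restricting the web management portal to trusted IP addresses, can be audited from the management-plane logs as well as enforced in configuration. The following script is an added example for this page, not code from the article, from Northwave or Darktrace, or from Palo Alto Networks. It assumes a generic key=value log format (the sample lines and field names are constructed for the example) and a hypothetical allowlist of one management subnet; it flags every login attempt, successful or failed, whose source falls outside that allowlist.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample lines in a generic key=value format; these are not
# PAN-OS log records and the field names are assumptions for this example.
SAMPLE_LOG = """\
2024-11-19T08:12:01Z src=10.20.0.15 user=admin action=login result=success
2024-11-19T08:14:37Z src=203.0.113.77 user=admin action=login result=success
2024-11-19T08:15:02Z src=198.51.100.9 user=svc-backup action=login result=failure
2024-11-19T08:20:44Z src=10.20.0.16 user=netops action=login result=success
2024-11-19T08:21:10Z src=10.20.0.16 user=netops action=commit result=success
"""

# Hypothetical allowlist: the management network this site treats as trusted.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)"
    r"\s+action=(?P<action>\S+)\s+result=(?P<result>\S+)$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trusted(src: str, nets=TRUSTED_MGMT_NETS) -> bool:
    """True if src is a well-formed IP address inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # a malformed source field is never treated as trusted
    return any(ip in net for net in nets)


def find_untrusted_logins(log_text: str, nets=TRUSTED_MGMT_NETS) -> List[Dict[str, str]]:
    """Return every login attempt (successful or not) from outside the allowlist.

    Failed attempts are kept on purpose: failures from an unexpected source
    show that the portal is reachable from where it should not be, which is
    the exposure the vendor advice is meant to remove.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "login":
            continue
        if not is_trusted(rec["src"], nets):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in find_untrusted_logins(SAMPLE_LOG):
        print(f"{rec['ts']} login from untrusted source {rec['src']} "
              f"(user={rec['user']}, result={rec['result']})")
```

A successful login from outside the allowlist is the case to act on first; with the constructed sample the script reports one such entry plus one failed attempt. In practice the allowlist should mirror whatever the firewall's own management-access restriction enforces, so that any hit means either the restriction is missing or the log source is not the portal you think it is.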

UNC5325’s tactics align with broader strategies observed in other China-linked hacking campaigns, such as those executed by UNC3886 and UNC4841, which similarly focus on exploiting vulnerabilities in edge devices. These incidents emphasize the urgent need for organizations to prioritize timely patch management, network segmentation, and continuous monitoring of critical systems. As cyber threats continue to evolve, addressing vulnerabilities in widely deployed infrastructure like Palo Alto firewalls remains essential to prevent further breaches.
