CyberSecurity updates
Updated: 2024-09-12 17:55:14 Pacific
- Threat actors are targeting organizations in the Middle East with malware disguised as the legitimate Palo Alto GlobalProtect tool.
- The malware can steal data and execute remote PowerShell commands to infiltrate internal networks further.
- The malware uses a two-stage infection process and a sophisticated C&C infrastructure.
- The malware uses the Interactsh project for beaconing and communication, and it can execute remote PowerShell commands and download and exfiltrate data.
- This attack is a reminder of the need to be cautious about suspicious downloads and to verify the authenticity of software before installing it.
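
For defenders, the Interactsh beaconing mentioned above can be hunted in DNS query logs. The following is an added example, not part of the original update: it flags clients that resolve names under the public Interactsh server domains. The domain list is the project's default public servers (the page does not give the campaign's domains), and the log format and sample lines are constructed.

```python
from collections import defaultdict

# Default public Interactsh server domains (assumption: the page names no
# campaign domains; a self-hosted Interactsh server will not match this list).
INTERACTSH_DOMAINS = {
    "oast.pro", "oast.live", "oast.site", "oast.online",
    "oast.fun", "oast.me", "interact.sh",
}

# Constructed sample DNS query log: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2024-09-12T10:00:01Z 10.0.0.15 portal.example.com. A
2024-09-12T10:00:05Z 10.0.0.15 a1.constructed-id-0001.OAST.fun. A
2024-09-12T10:00:09Z 10.0.0.15 a2.constructed-id-0001.oast.fun A
2024-09-12T10:00:11Z 10.0.0.22 notoast.fun A
2024-09-12T10:00:12Z 10.0.0.22 toast.fun.example.org A
malformed line
"""

def matched_domain(qname):
    """Return the Interactsh domain that qname falls under, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        # Compare whole-label suffixes so "notoast.fun" does not match "oast.fun".
        candidate = ".".join(labels[i:])
        if candidate in INTERACTSH_DOMAINS:
            return candidate
    return None

def find_interactsh_queries(log_text):
    """Group matching queries by client IP: {client: [(ts, qname, domain), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the expected format
        ts, client, qname, _qtype = fields
        domain = matched_domain(qname)
        if domain:
            hits[client].append((ts, qname, domain))
    return dict(hits)

if __name__ == "__main__":
    for client, rows in find_interactsh_queries(SAMPLE_LOG).items():
        print(f"{client}: {len(rows)} query(ies) to Interactsh domains")
        for ts, qname, domain in rows:
            print(f"  {ts} {qname} -> {domain}")
```

Authorized security testing also uses these domains, so a match is a lead to triage against known scanner hosts rather than proof of compromise.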