Cybercriminals are employing a sophisticated two-stage malware campaign masquerading as the Palo Alto GlobalProtect tool to infiltrate systems in the Middle East region. The malware leverages a complex command-and-control infrastructure, involving newly registered domains designed to resemble legitimate VPN portals. It utilizes the Interactsh project for beaconing and maintains stealth through encryption and sandbox evasion techniques, enabling remote code execution, payload deployment, and data exfiltration on compromised hosts.
Author: AlienVault
Related Tags:
GlobalProtect.exe
GlobalProtect
evasion
T1608
T1071
T1105
United Arab Emirates
T1059
T1027
Associated Indicators:
79B38C4BE5AC888E38EC5F21AC3710F3D0936A72
http://94.131.108.78:7118/B/desktop/
http://94.131.108.78:7118/B/hi/