Threat Brief: Post-Exploitation Activity Related to CVE-2024-3400 (Updated May 1)
Released on 2024-04-24 at 03:44:27 PM
This threat brief covers a critical command injection vulnerability in Palo Alto Networks PAN-OS software (CVE-2024-3400) that allows an unauthenticated attacker to execute arbitrary code with root privileges on vulnerable firewalls. The vulnerability is being actively exploited in a campaign referred to as Operation MidnightEclipse. The report details the scope of the attack, including the different levels of exploitation observed across affected devices, and describes post-exploitation activity involving the installation of backdoors and the exfiltration of firewall configuration files. Guidance for mitigation and detection is provided, along with indicators of compromise and resources for further information.