Particle.news

Palo Alto Networks Firewalls Targeted by State-Sponsored Hackers Using Zero-Day Exploit

Hackers have been exploiting a critical vulnerability in Palo Alto Networks' firewalls since March to install backdoors and steal sensitive data.

  • State-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, tracked as CVE-2024-3400, since March 26.
  • The vulnerability allows unauthenticated remote code execution, enabling attackers to take control of the firewalls and access internal networks.
  • Hackers installed a custom Python backdoor named 'Upstyle' to execute commands and steal data from compromised devices.
  • Palo Alto Networks has announced that patches for the vulnerability will be available by April 14.
  • Security firm Volexity, which discovered the attack, is tracking the malicious activity under the moniker UTA0218 and assesses it as likely state-backed.