Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Cybercriminals are employing a sophisticated two-stage malware campaign masquerading as the Palo Alto GlobalProtect tool to infiltrate systems in the Middle East region. The malware leverages a complex command-and-control infrastructure involving newly registered domains designed to resemble legitimate VPN portals. It utilizes the Interactsh project for beaconing and maintains stealth through encryption and sandbox evasion techniques enabling remote code execution payload deployment and data exfiltration on compromised hosts.