Operation MidnightEclipse

[Operation MidnightEclipse](https://attack.mitre.org/campaigns/C0048) was a campaign conducted in March and April 2024 that began with the exploitation of the zero-day vulnerability CVE-2024-3400, a critical command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS.(Citation: Volexity UPSTYLE 2024)(Citation: Palo Alto MidnightEclipse APR 2024)

Start date: 1 March 2024
End date: 1 April 2024
Techniques: 17

Attributed actors

Techniques (17)

collection (2)
T1074.001 Local Data Staging
T1005 Data from Local System

command-and-control (3)
T1090 Proxy
T1105 Ingress Tool Transfer
T1071.001 Web Protocols

credential-access (1)
T1003.003 NTDS

execution (3)
T1053.003 Cron
T1559 Inter-Process Communication
T1059.004 Unix Shell

initial-access (3)
T1078 Valid Accounts
T1078.002 Domain Accounts
T1190 Exploit Public-Facing Application

lateral-movement (2)
T1021.002 SMB/Windows Admin Shares
T1021.006 Windows Remote Management

persistence (3)
T1053.003 Cron
T1078 Valid Accounts
T1078.002 Domain Accounts

privilege-escalation (3)
T1053.003 Cron
T1078 Valid Accounts
T1078.002 Domain Accounts

resource-development (3)
T1588.002 Tool
T1584.006 Web Services
T1584.003 Virtual Private Server

stealth (2)
T1078 Valid Accounts
T1078.002 Domain Accounts

Indicators of compromise

No IOCs linked to this campaign yet.