LITTLELAMB.WOOLTEA Backdoor Targets Palo Alto Networks Firewalls
🧩 Sophisticated LITTLELAMB.WOOLTEA backdoor targets Palo Alto Networks firewalls. Northwave Cyber Security has uncovered a complex backdoor, LITTLELAMB.WOOLTEA, which exploits the recently disclosed CVE-2024-9474 vulnerability in Palo Alto Networks devices. The attackers deployed a malicious script that disguises itself as a legitimate logd service, ensuring persistence by modifying system files. This backdoor allows for extensive control over compromised systems, including file manipulation, remote command execution, and covert communication through existing open ports. The operation’s sophistication suggests involvement from a nation-state actor, as it employs advanced techniques for command-and-control across infected networks. The discovery raises significant concerns about the security of critical infrastructure relying on these firewalls.
