In early-to-mid November, Palo Alto Networks disclosed two vulnerabilities in PAN-OS that affect numerous firewall products. Actors have used CVE-2024-0012 to gain administrator privileges on vulnerable appliances, followed by CVE-2024-9474 to escalate privileges and execute arbitrary code with root privileges. Both vulnerabilities were exploited as zero-days.
Mandiant discovered the use of SNOWLIGHT, a downloader written in C. The affected regions were South America, Southern Asia, Southern Europe, Eastern Asia, South-eastern Asia and Northern America.