RedTail Cryptominer Exploits Palo Alto PAN-OS CVE-2024-3400

The RedTail cryptominer's evolution suggests a significant investment in staffing, infrastructure, and advanced obfuscation techniques.

by Ashish Khaitan May 31st, 2024

The operators of the RedTail cryptominer, which was the biggest cryptominer operation last year, have now started to take advantage of the Palo Alto PAN-OS CVE-2024-3400 vulnerability to target their victims.

According to a report by cloud computing company Akamai, the attackers have expanded their attack vectors to include the Palo Alto PAN-OS vulnerability. The researchers wrote that the sophistication and evasive techniques of the RedTail variant used in this campaign are notable.

The evolution of the RedTail cryptominer hints at a direct investment of resources, particularly staffing, infrastructure, and advanced obfuscation techniques.

The threat actor’s chain of infection begins with the CVE-2024-3400 vulnerability, and the operation now incorporates private cryptomining pools.

RedTail Cryptominer Leverages Private Cryptomining Pools

According to Akamai, the folks behind the RedTail cryptominer have chosen to use “private cryptomining pools” to have more control over their mining activities, even though it comes with higher operational and financial costs. The tactics used in this campaign closely resemble those used by the Lazarus group, as per the research.

One noteworthy aspect of this variant is its use of private cryptomining pools. By using these private pools, the attackers can have better control and security over their operations, just like other popular threat groups.

This shift towards private pools suggests a more coordinated and intentional strategy in cryptomining activities, which raises the possibility of involvement by nation-state actors.

RedTail Cryptominer: Sneaky and Stealthy

The RedTail cryptominer is no amateur when it comes to flying under the radar and maintaining its grip on compromised systems. It employs clever tactics like anti-research measures and blends the XMRig cryptomining code with extra layers of encryption and logic.

This malware really knows its stuff when it comes to cryptomining. It optimizes its operations to be as efficient and profitable as possible.

In addition to exploiting the PAN-OS CVE-2024-3400 vulnerability, the actors behind RedTail are targeting a variety of other vulnerabilities across different devices and platforms.

This encompasses exploits aimed at SSL-VPNs, IoT devices, web applications, and security devices like Ivanti Connect Secure.

How to Use the Akamai App & API Protector?

Akamai suggests Akamai App & API Protector for additional security features, along with identifying all Palo Alto devices and patching them to prevent the RedTail cryptominer. Users can also harden their devices against cyberattacks such as web platform attacks, command injections, and local file inclusion.

In addition, instead of merely relying on the PAN-OS CVE-2024-3400 vulnerability, the developers of RedTail take advantage of several other vulnerabilities in different platforms and devices. These involve exploits against SSL VPNs, IoT products, web apps, as well as security appliances such as Ivanti Connect Secure.