{"id":56966,"date":"2024-08-29T00:00:00","date_gmt":"2024-08-29T00:00:00","guid":{"rendered":"urn:uuid:d69bcebd-0cb0-980c-99cb-773d6351d7ad"},"modified":"2024-08-29T00:00:00","modified_gmt":"2024-08-29T00:00:00","slug":"threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/","title":{"rendered":"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/middle-east-malware:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/24\/middle-east-malware.png\" class=\"ff-og-image-inserted\"><\/div>\n<h2><span class=\"body-subhead-title\">Using the Interactsh project for beaconing purposes<\/span><\/h2>\n<p>The malware leverages the<i> Interactsh<\/i> project for beaconing purposes. After each phase of the malware infection, it sends a DNS request to the following domain:<\/p>\n<p><i>Step[1-6]-{dsktoProcessId}.tdyfbwxngpmixjiqtjjote3k9qwc31dsx.oast.fun<\/i><\/p>\n<p>Here, <i>dsktoProcessId<\/i> is a unique identifier for the machine, while <i>Step[1-6]<\/i> varies from step 1 to step 6, corresponding to each phase of the malware&#8217;s operation, ranging from collecting machine information to successfully executing commands received from the C&amp;C server.<\/p>\n<h2><span class=\"body-subhead-title\">Conclusion<\/span><\/h2>\n<p>The malware sample we examined, which likely targets entities within the Middle East, reveals a sophisticated use of C&amp;C infrastructure and advanced evasion techniques.<\/p>\n<p>Our findings include the following:<\/p>\n<ol>\n<li><b>Using dynamic C&amp;C infrastructure<\/b>: The malware pivots to a newly registered URL, &#8220;<i>sharjahconnect<\/i>&#8221; (likely referring to the UAE emirate Sharjah), designed to resemble a legitimate VPN portal for a company based in the UAE. This tactic is designed to allow the malware\u2019s malicious activities to blend in with expected regional network traffic and enhance its evasion characteristics.<\/li>\n<li><b>Domain masquerading<\/b>: By mimicking a familiar regional service, the attackers exploit trust relationships, increasing the likelihood of successful C&amp;C communications.<\/li>\n<li><b>Geopolitical targeting<\/b>: The domain&#8217;s regional specificity and the origin of the submission suggest a targeted campaign against Middle Eastern entities, possibly for geopolitical or economic espionage.<\/li>\n<li><b>Using newly registered domains<\/b>: Using fresh domains for C&amp;C activities allows attackers to bypass blacklists and makes attribution more complicated.<\/li>\n<\/ol>\n<p>It\u2019s likely that the threat actor made use of social engineering to lure victims into downloading fake tools and services. Given the widespread use of social engineering in cybercrime, defending against it should be a priority for both organizations and individual users. This requires a multi-faceted approach that combines education, policy, technology, and vigilance. Here are some recommendations to help safeguard against social engineering:<\/p>\n<p><b>User awareness and training: <\/b>Conducting regular training sessions on the various types of social engineering attacks<b>, <\/b>providing updates on new tactics and trends in social engineering, and educating employees to recognize common red flags can help prevent users from falling victim to social engineering lures.<\/p>\n<p><b>Principle of least privilege<\/b>: Granting employees access only to the data and systems they need for their roles minimizes the chance of attackers gaining access to vital information even during a successful breach.<\/p>\n<p><b>Email and web security<\/b>: Organizations should deploy robust email and web security solutions to filter and block malicious and suspicious content.<\/p>\n<p><b>Incident response plan<\/b>: A well-defined incident response plan is crucial for organizations to be able to handle social engineering attacks. This includes the immediate steps to contain and mitigate the threat.<\/p>\n<p><b>Organizations can also consider powerful security technologies such as&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\">Trend Vision One\u2122<\/a>&nbsp;, which offers multilayered protection and behavior detection, helping block malicious tools and services before they can inflict damage on user machines and systems.<\/b><\/p>\n<h2><span class=\"body-subhead-title\"><\/span><\/h2>\n<p>The following V1 Detection quary can be used to check the presence of the GLOBALSHADOW binary:<\/p>\n<p><b><span class=\"blockquote\">malName:* GLOBALSHADOW* AND eventName:MALWARE_DETECTION<\/span><\/b><\/p>\n<p><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)<\/span>The indicators of compromise for this entry can be found <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/24\/h\/fake-palo-alto-globalprotect-tool\/ioc-threat-actors%20-target%20-the-middle-east-using-fake-palo-alto-globalprotect-tool.txt\">here<\/a>.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/24\/h\/threat-actors-target-middle-east-using-fake-tool.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56967,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9511,9508,9513,9509],"class_list":["post-56966","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-endpoints","tag-trend-micro-research-malware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-29T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/middle-east-malware:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool\",\"datePublished\":\"2024-08-29T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/\"},\"wordCount\":531,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png\",\"keywords\":[\"Trend Micro Research : APT&amp;Targeted Attacks\",\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/\",\"name\":\"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png\",\"datePublished\":\"2024-08-29T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png\",\"width\":976,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : APT&amp;Targeted Attacks\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-apttargeted-attacks\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/","og_locale":"en_US","og_type":"article","og_title":"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-08-29T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/middle-east-malware:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool","datePublished":"2024-08-29T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/"},"wordCount":531,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png","keywords":["Trend Micro Research : APT&amp;Targeted Attacks","Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Threats","Trend Micro Research : Endpoints","Trend Micro Research : Malware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/","url":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/","name":"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png","datePublished":"2024-08-29T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool.png","width":976,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-target-the-middle-east-using-fake-palo-alto-globalprotect-tool\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : APT&amp;Targeted Attacks","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-apttargeted-attacks\/"},{"@type":"ListItem","position":3,"name":"Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56966"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56966\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56967"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}