Shares of cybersecurity company Palo Alto Networks plunged 19% in extended trading Tuesday, after the company reported a beat on the top and bottom lines but lowered its full-year guidance for revenue and billings.

Here’s how the company did compared to LSEG, formerly Refinitiv, estimates:

Earnings per share: $1.46, adjusted, vs. $1.30 expectedRevenue: $1.98 billion vs. $1.97 billion expected

Net income was $1.7 billion for the quarter, or $4.89 per share, compared to $84 million, or $0.25 share, for the fiscal second quarter 2023.

The company is now guiding to full-year total billings between $10.1 and $10.2 billion, compared to its previous guidance of $10.7 and $10.8 billion. Palo Alto Networks also expects full-year revenue to range between $7.95 to $8 billion, compared to its prior guidance of $8.15 to $8.2 billion.

In a conference call with analysts, CEO Nikesh Arora said the lowered guidance was due to a “shift” in strategy, “wanting to accelerate growth, our platform migration and consolidation and activating AI leadership,” adding that the company expected “a difficult customer” as the company shifted stance.

Guidance for the upcoming quarter also fell short of consensus estimates. Analysts surveyed by LSEG expected the company to guide to fiscal third-quarter revenue of $2.04 billion, but Palo Alto Networks now expects revenue to range between $1.95 billion and $1.98 billion.

The new billings guidance represents full-year growth of between 10% and 11% versus previous guidance showing 16% to 17% billings growth. Similarly, Palo Alto Networks now expects full-year revenue growth between 15% and 16%, down from initial guidance showing 18% to 19% growth.

The lowered estimates come even as the AI frenzy sweeps up cybersecurity stocks and the broader technology sector. Arora said that the company would look to activate its “AI leadership strategy” in the earnings release.

This is breaking news. Please check back for updates.

Microsoft said in a Friday regulatory filing that a Russian intelligence group accessed some of the software maker’s top executives’ email accounts. Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack, which Microsoft detected last week, according to the company.

It isn’t the first time Russian hackers have gained entry into Microsoft’s systems. State-sponsored attacks that can result in the dissemination of sensitive data becomes a greater risk during periods of armed conflict, and Russia’s war against Ukraine has been going on for almost two years now. On Thursday, Russia said Ukrainian forces conducted drone strikes in multiple Russian locations.

Microsoft’s announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material effect, it still wanted to honor the spirit of the rules.

The Cybersecurity and Infrastructure Security Agency is “closely coordinating with Microsoft to gain additional insights into this incident and understand impacts so we can help protect other potential victims,” CISA executive assistant director for cybersecurity Eric Goldstein said in a statement to CNBC. “As noted in Microsoft’s announcement, at this time we are not aware of impacts to Microsoft customer environments or products.” 

In late November, the group accessed “a legacy non-production test tenant account,” Microsoft’s Security Response Center wrote in the blog post. After gaining access, the group “then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the corporate unit wrote.

The company’s senior leadership team, including Chief Financial Offer Amy Hood and President Brad Smith, regularly meets with CEO Satya Nadella.

Microsoft said it has not found signs that Nobelium had accessed customer data, production systems or proprietary source code.

The U.S. government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history when it added malicious code to updates to SolarWinds’ Orion software, which some U.S. government agencies were using. Microsoft itself was ensnared in the hack.

Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium.

It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee’s systems.

Last year, a vulnerability in Microsoft software allowed China-aligned hackers to access the email accounts of senior government officials, including Commerce Secretary Gina Raimondo, ahead of a critical U.S.-China meeting. The company’s “negligent cybersecurity practices” led to the attack, Sen. Ron Wyden, a Democrat from Oregon, wrote in a letter to CISA director Jen Easterly, and other federal officials.

“We are continuing our investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators,” the Microsoft blog post said.

The Federal Bureau of Investigation told CNBC that it knows about the attack and is working with federal partners to help.

Don’t miss these stories from CNBC PRO:

A hacking group widely reported as being linked to Israel has taken responsibility for a cyberattack that’s knocked out the majority of gas stations across Iran, leading to long lines of cars and angry crowds.

Iranian state TV cited the country’s Oil Minister Javad Owji saying that outside interference was a possible cause after 70% of Iran’s gas stations were hit by service disruptions, according to Reuters.

A group called Gonjeshke Darande, or Predatory Sparrow, claimed it was behind the attack in a post on the social media site X.

“We, Gonjeshke Darande, carried out another cyberattack today, taking out a majority of the gas pumps throughout Iran. This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region,” the post read.

Addressing Iran’s leader Ayatollah Ali Khamenei, the group added: “Khamenei, playing with fire has a price.”

Gonjeshke Darande has claimed responsibility for previous cyberattacks on Iran, including one on Iran’s major steel companies.

Iran’s civil defense agency said an investigation was underway and that it was still examining all possible causes for the disruption. Israeli media has covered the alleged attack, but Israel’s government has not commented on it.

Shares of SenseTime fell as much as 9.7% on Tuesday after U.S. short seller Grizzly Research alleged the Chinese artificial intelligence firm inflated its revenue.

SenseTime shares pared some of those losses in Hong Kong and closed 4.86% lower in the afternoon.

Grizzly Research alleged in a report on Tuesday that SenseTime engaged in a so-called “revenue round-tripping” program.

“SenseTime either directly or through intermediaries provides funds to customers that in turn are used to purchase goods from SenseTime that might never have been delivered,” Grizzly Research alleged. The short seller said it got this information via two court cases in China that described the scheme.

SenseTime said in a Hong Kong Stock Exchange filing that it is “reviewing the allegations and considering the appropriate course of action to take to safeguard the interests of all shareholders.”

The Chinese firm said it believes Grizzly Research’s report is “without merit and contains unfounded allegations and misleading conclusions and interpretations.”

SenseTime added that the report “shows a lack of understanding of the Company’s business model and financial reporting structure, and a lack of thorough reading of the Company’s public filings.”

Grizzly Research did not contact SenseTime to verify the information, SenseTime said in its statement.

SenseTime was once viewed as one of China’s most exciting artificial intelligence companies and is best-known for computer vision technology that can power facial recognition software.

However, the company has been a target of U.S. government sanctions. In 2019, Washington put SenseTime on the so-called Entity List, which restricts American firms from doing business with it. The U.S. alleged that SenseTime is linked to human rights violations in China’s Xinjiang region.

At the time, SenseTime said that it does “not have any business in, nor are we aware of our technology being used in the Xinjiang region.”

SenseTime proposed an initial public offering in Hong Kong in mid-2021 but postponed the listing later that year after the U.S. government added it to a list of “Chinese military-industrial complex companies.”

The company ended up doing its listing at the end of December, pricing shares at 3.85 Hong Kong dollars ($0.49). Shares closed at 1.37 Hong Kong dollars on Tuesday, 64% below their IPO price.

Due to SenseTime’s U.S. government blacklisting, the company “has a severely limited target market and therefore no outlook for any real improvement,” Grizzly Research said in its report.

The short seller also took aim at SenseTime’s technology, claiming it has “no competitive moat in AI.”

“We believe SenseTime is operating a fundamentally dead-ended facial recognition software business, plus some additional AI R&D projects with almost no chance of scalable future profits,” Grizzly Research said.

China-linked hackers breached the email account of U.S. Ambassador to China Nicholas Burns, as part of a recent targeted intelligence-gathering campaign, NBC News has confirmed.

The hackers also accessed the email account of Daniel Kritenbrink, the assistant Secretary of State for East Asia, who recently travelled with Secretary of State Antony Blinken to China, said NBC, citing two U.S. officials familiar with the matter. 

CNBC reached out to China’s Foreign Ministry for comment but has yet to hear back.

The beach was limited to the diplomats’ unclassified email accounts, NBC said adding that Secretary of Commerce Gina Raimondo’s email account was also accessed in the breach, as previously reported.

The news, first reported by the Wall Street Journal, further fuels the fallout for the U.S. of the alleged Chinese hack first revealed last week. 

Late Tuesday, Microsoft announced it had discovered that China-based hackers breached email accounts of about 25 organizations, including some U.S. government agencies, in a significant breach.

The compromise was “mitigated” by Microsoft cybersecurity teams after it was first reported to the company in mid-June 2023, Microsoft said in two blog posts about the incidents. The hackers had been inside government systems since at least May, the company said.

Blinken said he raised the issue of the Chinese hacking when he met China’s top diplomat Wang Yi in Jakarta last week, on the sidelines of the Association of Southeast Asian Nations regional meeting.

The U.S. Secretary noted he made clear to Wang that Washington will ensure the hackers are held responsible for alleged breaches of U.S. government agencies.

“First of all, this is something that the State Department actually detected last month, and we took immediate steps to protect our systems, to report the incident – in this case, notifying a company, Microsoft, of the event,” Blinken said at a press briefing.

“I can’t discuss details of our response beyond that, and most critically this incident remains under investigation,” he added.

Still, Blinken said that as a general matter, “we have consistently made clear to China as well as to other countries that any action that targets the U.S. Government or U.S. companies, American citizens, is of deep concern to us, and we will take appropriate action in response.”

The secretary’s latest meeting with Wang came less than a month after Blinken made a rare trip to Beijing under the Biden administration.

The visit was aimed at soothing ties between the world’s two largest economies amid escalating tensions.

Security experts have argued the incidents demonstrate an acceleration in Beijing’s digital spying capabilities.

“Chinese cyber espionage operators’ tactics had steadily evolved to become more agile, stealthier, and complex to attribute” over the last decade, researchers at cybersecurity firm Mandiant wrote in a blog post Tuesday.

— CNBC’s Rohan Goswami contributed to this report.

The U.S. has accused discount shopping site Temu of possible data risks after its Chinese sister app was pulled from Google’s app store over “malware” — but analysts say they’re not that worried.

Compared to Pinduoduo, which was suspended by Google in March after versions offered outside Google’s Play store were found to contain malware, Temu is “not as aggressive,” one analyst said.

The malware in Pinduoduo was found to leverage specific vulnerabilities for Android phones, allowing the app to bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.

Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied those claims.

According to analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo requests for as many as 83 permissions — including access to biometrics, Bluetooth and information about Wi-Fi networks.

“Some of these permissions Pinduoduo is asking seems to be unexpected for an e-commerce app,” said Reed, who shared his analysis of both apps with CNBC.

“But Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Reed.

Pinduoduo is a China-based e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings which also owns Temu. Temu’s headquarters are located in Boston.

“There should be no need for biometric data to be stored on an e-commerce website or app. I personally wouldn’t want my biometric data to be stored anywhere else other than my device,” said Sean Duca, vice president and regional chief security officer for Asia Pacific and Japan at cybersecurity firm Palo Alto Networks.

“Biometrics have a lot greater value than anything else, because I can’t simply change my fingerprint at all, unlike passwords,” said Duca.

He also questioned why access to Wi-Fi information was necessary. If it is corporate Wi-Fi that the user is connected to, it will “become a very lucrative target for cyber criminals where they start to actually gain access to this information,” cautioned Duca. “But why does an e-commerce provider actually need that?”

Temu, dubbed a copycat of fast-fashion label Shein, is taking the U.S. market by storm.

Just 17 days after its launch in September, the app surpassed Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia data shared with CNBC. It launched in the U.K. in March, just weeks after entering Australia and New Zealand.

The fact that Pinduoduo “has requested even more permissions than Temu app even though they seem to be a similar kind of applications seems over-intrusive to me,” said Reed.

“Pinduoduo is much more aggressive in collecting users’ information,” said Reed who claimed the data was “obviously [transferred] back to the company.”

PDD Holdings did not respond to CNBC’s request for comment regarding those permissions.

In comparison, the Temu app requests for 24 permissions, said Reed. Some of these permissions include access to Bluetooth and information about Wi-Fi networks.

“There have been no reports of the malicious functionality present in official Play, App Store or third-party versions of Temu. The keys used to sign the Pinduoduo malware are not the same keys used to sign the Temu app,” said Daniel Thanos, vice president and head of Arctic Wolf Labs, the threat intelligence arm of cybersecurity firm Arctic Wolf.

“Based on our analysis, it appears that this malware is targeting Chinese users primarily, as it appears to target devices usually sold and used in China such as Xiaomi, Vivo, Oppo, Samsung, etc, and their corresponding applications,” said Thanos. PDD Holdings did not immediately respond to CNBC’s request for comment.

In a report on Chinese “fast fashion” platforms published in April, the U.S.-China Economic and Security Review Commission accused Temu and Shein of posing possible data risks.

Shein and Temu “primarily rely on U.S. consumers downloading and using Chinese apps to curate and deliver products,” said the report.

“These firms’ commercial success has encouraged both established Chinese e-commerce platforms and startups to copy its model, posing risks and challenges to U.S. regulations, laws, and principles of market access,” it said.

Chinese-owned apps face intense scrutiny in the U.S. over security concerns. U.S. lawmakers have cautioned that any Chinese-owned apps could be vulnerable to data privacy breaches or interference from the Chinese government.

While politicians often accuse Chinese companies of handing data over to the Chinese government, there is no evidence to support such claims.

“But there’s also a larger play here, which is many other apps that are not talked about are also collecting information and have been doing so for such a very long time,” said Duca, noting it is more of a systemic problem.

One analyst said she was less worried about shopping apps than social media platforms such as TikTok and its sister app Lemon8.

“From a national security standpoint, in addition to creating user profiles with all these data, social media platforms also have the ability to select, promote and demote content based on opaque metrics that ultimately, we don’t really have an insight into,” said Lindsay Gorman, senior fellow for emerging tech at the German Marshall Fund.

For shopping apps, the “real sort of content influence” may be Chinese companies promoting their products which “feels less of a threat to democracy,” said Gorman. Instead, social media apps could promote content about political topics which are much harder to track, she said.

TikTok faces a possible ban in the U.S. after its CEO Shou Zi Chew’s testimony before Congress, which failed to quell lawmakers’ concerns about the app’s ties to China or the adequacy of Project Texas, its plan to store U.S. data on American soil.

“ByteDance is not owned or controlled by the Chinese government. It’s a private company,” Chew said during the hearing.

In his first public interview since the congressional hearing, Chew said at the TED2023 conference last week: “We are building all the tools to prevent any of [Chinese government interference in U.S. elections] from happening.”

He said he was “very confident” the risk can be reduced to as close as zero with the company being “very, very far along” with Project Texas.

Another analyst, Glenn Gerstell, senior advisor at Center for Strategic and International Studies, said these apps are “ultimately controlled by Chinese parties and that’s what the American political system is going to be focused on.” Geopolitical tensions with China will continue to put Chinese apps under scrutiny.

“It may be that if we got more sophisticated, we’d be able to distinguish one app from another and create a safer, more limited and controlled space. But right now, we don’t have that system in place,” said Gerstell.

A new bill from a bipartisan group of lawmakers, if passed, would ban TikTok in the U.S. after years of broad concern across the Trump and Biden administrations about potential Chinese government influence on the company.

Social media stocks including Meta and Snap were positive Tuesday when the news broke. Meta shares were up more than 6% and Snap was up more than 3% as of late morning.

TikTok, owned by Chinese company ByteDance, has raised fears in the U.S. that Chinese government officials could gain access to U.S. user data under Chinese law that could compel the company to hand over information. TikTok has insisted U.S. user data is safely stored outside of China, which it says should keep it out of reach of government officials.

But the company’s reassurances have done little to turn down the heat on TikTok. The Committee on Foreign Investment in the U.S. is in talks with the company about how to resolve some of the data concerns, though a solution has reportedly been delayed. FBI Director Christopher Wray testified before Congress recently that he’s “extremely concerned” about the Chinese government’s potential influence through TikTok on U.S. users.

The new bill, introduced by Sen. Marco Rubio, R-Fla., and Reps. Mike Gallagher, R-Wisc., and Raja Krishnamoorthi, D-Ill., would ban “all transactions from any social media company in, or under the influence of, China, Russia, and several other foreign countries of concern,” according to a press release.

The ANTI-SOCIAL CCP ACT — which stands for Averting the National Threat of Internet Surveillance, Oppressive Censorship and Influence, and Algorithmic Learning by the Chinese Communist Party — explicitly names ByteDance and TikTok as subject to the restrictions in the bill, “unless and until the date on which the President certifies to Congress that the company no longer meets any of the conditions described,” such as being subject to “substantial influence” by a country of concern.

“It is troubling that rather than encouraging the Administration to conclude its national security review of TikTok, some members of Congress have decided to push for a politically-motivated ban that will do nothing to advance the national security of the United States,” a TikTok spokesperson said. “We will continue to brief members of Congress on the plans that have been developed under the oversight of our country’s top national security agencies—plans that we are well underway in implementing—to further secure our platform in the United States.”

Subscribe to CNBC on YouTube.

More than three weeks ago, a popular Twitter account named “Anonymous” declared that the shadowy activist group was waging a “cyber war” against Russia.

Since then, the account — which has more than 7.9 million followers, with some 500,000 gained since Russia’s invasion of Ukraine — has claimed responsibility for disabling prominent Russian government, news and corporate websites and leaking data from entities such as Roskomnadzor, the federal agency responsible for censoring Russian media.

But is any of that true?

It appears it is, says Jeremiah Fowler, a co-founder of the cybersecurity company Security Discovery, who worked with researchers at the web company Website Planet to attempt to verify the group’s claims.

“Anonymous has proven to be a very capable group that has penetrated some high value targets, records and databases in the Russian Federation,” he wrote in a report summarizing the findings.  

Of 100 Russian databases that were analyzed, 92 had been compromised, said Fowler.

They belonged to retailers, Russian internet providers and intergovernmental websites, including the Commonwealth of Independent States, or CIS, an organization made up of Russia and other former Soviet nations that was created in 1991 following the fall of the Soviet Union.

Many CIS files were erased, hundreds of folders were renamed to “putin_stop_this_war” and email addresses and administrative credentials were exposed, said Fowler, who likened it to 2020’s malicious “MeowBot” attacks, which “had no purpose except for a malicious script that wiped out data and renamed all the files.”

Another hacked database contained more than 270,000 names and email addresses.

“We know for a fact that hackers found and probably accessed these systems,” said Fowler. “We do not know if data was downloaded or what the hackers plan to do with this information.”

Other databases contained security information, internal passwords and a “very large number” of secret keys, which unlock encrypted data, said Fowler.

As to whether this was the work of Anonymous, Fowler said he followed Anonymous’ claims “and the timeline matches perfect,” he said.

The Twitter account, named @YourAnonNews, has also claimed to have hacked into Russian state TV stations.

“I would mark that as true if I were a factchecker,” said Fowler. “My partner at Security Discovery, Bob Diachenko, actually captured a state news live feed from a website and filmed the screen, so we were able to validate that they had hacked at least one live feed [with] a pro-Ukrainian message in Russian.”

The account has also claimed to have disrupted websites of major Russian organizations and media agencies, such as the energy company Gazprom and state-sponsored news agency RT.

“Many of these agencies have admitted that they were attacked,” said Fowler.

He called denial of service attacks — which aim to disable websites by flooding them with traffic — “super easy.” Those websites, and many others, have been shuttered at various points in recent weeks, but they are also reportedly being targeted by other groups as well, including some 310,000 digital volunteers who have signed up for the “IT Army of Ukraine” Telegram account.   

Fowler said he didn’t find any instances where Anonymous had overstated its claims.

But that is happening with other hacktivist groups, said Lotem Finkelstein, head of threat intelligence and research at the cybersecurity company Check Point Software Technologies.

In recent weeks, a pro-Ukrainian group claimed it breached a Russian nuclear reactor, and a pro-Russian group said it shut down Anonymous’ website. Check Point concluded both claims were false.

“As there is no real official Anonymous website, this attack … appears to be more of a morale booster for the pro-Russian side, and a publicity event,” CPR said, a fact which did not go unnoticed by Anonymous affiliates, who mocked the claim on social media. 

Groups are making fake claims by posting old or publicly available information to gain popularity or glory, said Finkelstein.

Fowler said he feels Anonymous is, however, dedicated more to the “cause” than to notoriety.

“In what I saw in these databases, it was more about the messaging than saying ‘hey, you know, Anonymous troop No. 21, group five, did this,'” he said. “It was more about the end result.”

Hacktivists who conduct offensive cyber warfare-like activities without government authority are engaging in criminal acts, said Paul de Souza, the founder of the non-profit Cyber Security Forum Initiative.

Despite this, many social media users are cheering Anonymous’ efforts on, with many posts receiving thousands of likes and messages of support.

“They’re almost like a cyber Robin Hood, when it comes to causes that people really care about, that no one else can really do anything about,” said Fowler. “You want action now, you want justice now, and I think groups like Anonymous and hacktivists give people that immediate satisfaction.”

Many hacktivist groups have strong values, said Marianne Bailey, a cybersecurity partner at the consulting firm Guidehouse and former cybersecurity executive with the U.S. National Security Agency. Cyber activism is a low-cost way for them to influence governmental and corporate actions, she said.

“It is protesting in the 21st century,” said Bailey.  

Yet cheering them on can be dangerous in the “fog of war,” she said.

“A cyberattack has the potential for such an immediate impact, in most cases well before any accurate attribution can be determined,” she said. “A cyber strike back or even kinetic strike back could be directed to the wrong place. And what if that misattribution is intentional? What if someone makes the attack appear from a specific country when that’s not true?”

She said cyber warfare can be cheaper, easier, more effective and easier to deny than traditional military warfare, and that it will only increase with time.

“With more devices connected to this global digital ecosystem the opportunity for impact continues to expand,” she said. “It will undoubtedly be used more often in future conflicts.”