For HomeFor BusinessFor Partners
Industry News
1 min read

FBI Warns of an APT Exploiting a FatPipe VPN 0-Day for Six Months

Silviu STAHIE

November 19, 2021

Promo Protect all your devices, without slowing them down.
Free 30-day trial
FBI Warns of an APT Exploiting a FatPipe VPN 0-Day for Six Months

FBI has issued a warning regarding a 0-day vulnerability in the FatPipe MPVPN software that attackers have exploited for at least six months, allowing APT actors to access various systems.

0-day vulnerabilities are usually extremely valuable, and attackers make the most of them as quickly as possible, knowing full well that developers will close them when they find out. A subset of 0—day vulnerabilities, however, remains hidden for a very long time, letting threat actors infect multiple systems, remain embedded in compromised networks, and continue their activity unimpeded.

“FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021,” said the FBI. “The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity. Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.”

“This vulnerability is not yet identified with a CVE number but can be located with the FatPipe Security Advisory number FPSA006. The vulnerability affects all FatPipe WARP®, MPVPN, and IPVPN® device software prior to the latest version releases 10.1.2r60p93 and 10.2.2r44p1,” the FBI added.

The FBI didn’t identify the threat actor. They did say they used SSH access to route malicious traffic through the device and target additional US infrastructure. In most cases, the hackers were careful to clean up after the breach so they could return as needed while keeping the 0-day vulnerability hidden.

Even though there’s no CVE yet, FatPipe released a patch that fixes the vulnerability. All FatPipe WARP, MPVPN, and IPVPN device software prior to releases 10.1.2r60p93 and 10.2.2r44p1 are vulnerable, and no other mitigations are possible without applying the patch. FBI urges all administrators to quickly upgrade the affected system and disable UI and SSH access from the WAN interface when not used.

tags

Industry News

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide
Scam Spam

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide

April 19, 2024

5 min read
Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
Scam How to Tips and Tricks

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond

April 01, 2024

2 min read
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
Spam Industry News Threats

Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts

November 28, 2023

4 min read
Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting
Protecting Your Important How to Tips and Tricks

Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting

November 08, 2023

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

How to keep your Android device immune to malicious vaccine themed apps
Archive

How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine
Archive Industry News

Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands
Archive

Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read

Bookmarks

loader