FBI Warns of an APT Exploiting a FatPipe VPN 0-Day for Six Months
The FBI has issued a warning about a 0-day vulnerability in FatPipe MPVPN software that attackers have exploited for at least six months, giving APT actors access to a range of systems.
0-day vulnerabilities are usually extremely valuable, and attackers exploit them as quickly as possible, knowing full well that developers will close them once they are discovered. A subset of 0-day vulnerabilities, however, remains hidden for a very long time, letting threat actors infect multiple systems, stay embedded in compromised networks, and continue their activity unimpeded.
“FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021,” said the FBI. “The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity. Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.”
“This vulnerability is not yet identified with a CVE number but can be located with the FatPipe Security Advisory number FPSA006. The vulnerability affects all FatPipe WARP®, MPVPN, and IPVPN® device software prior to the latest version releases 10.1.2r60p93 and 10.2.2r44p1,” the FBI added.
The FBI did not identify the threat actor. It did say the actors used SSH access to route malicious traffic through the device and target additional US infrastructure. In most cases, the attackers were careful to clean up after each intrusion so they could return as needed while keeping the 0-day hidden.
Even though there is no CVE yet, FatPipe has released a patch that fixes the vulnerability. All FatPipe WARP, MPVPN, and IPVPN device software prior to releases 10.1.2r60p93 and 10.2.2r44p1 is vulnerable, and there is no mitigation other than applying the patch. The FBI urges all administrators to upgrade affected systems promptly and to disable UI and SSH access from the WAN interface when it is not needed.
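As an added example (not code from the FBI notice or from FatPipe), the following Python helper parses the version format quoted in the advisory and flags devices still running a release prior to 10.1.2r60p93 or 10.2.2r44p1. The mapping of each fixed release to its 10.1 or 10.2 branch, and the assumption that every version string follows the major.minor.patch r<N> p<M> shape, are mine; the inventory at the bottom is constructed sample data.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases named in the FBI warning (FatPipe advisory FPSA006).
# Keying them by (major, minor) branch is an assumption made for this example.
FIXED_RELEASES = {
    (10, 1): "10.1.2r60p93",
    (10, 2): "10.2.2r44p1",
}

# Assumed shape of a FatPipe version string, e.g. "10.1.2r60p93".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)p(\d+)$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '10.1.2r60p93' into (10, 1, 2, 60, 93) so tuples compare numerically."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version format: {text!r}")
    major, minor, patch, release, point = (int(g) for g in m.groups())
    return (major, minor, patch, release, point)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the release precedes the fix for its branch, False if it is at or
    above it, None if the branch is newer than any the advisory names."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return v < parse_version(FIXED_RELEASES[branch])
    if branch < min(FIXED_RELEASES):
        return True  # older branch: prior to both fixed releases
    return None


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Label each (hostname, version) pair for a patch-tracking report."""
    labels = {True: "VULNERABLE", False: "PATCHED", None: "UNKNOWN"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [("vpn-edge-1", "10.1.2r60p92"), ("vpn-edge-2", "10.2.2r44p1"),
              ("vpn-lab", "10.0.5r1p1"), ("vpn-new", "10.3.0r1p1")]
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```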