
FBI Warns of an APT Exploiting a FatPipe VPN 0-Day for Six Months

Silviu STAHIE

November 19, 2021


The FBI has issued a warning regarding a 0-day vulnerability in the FatPipe MPVPN software that attackers have exploited for at least six months, allowing APT actors to access various systems.

0-day vulnerabilities are usually extremely valuable, and attackers make the most of them as quickly as possible, knowing full well that developers will close them when they find out. A subset of 0-day vulnerabilities, however, remains hidden for a very long time, letting threat actors infect multiple systems, remain embedded in compromised networks, and continue their activity unimpeded.

“FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021,” said the FBI. “The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity. Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.”

“This vulnerability is not yet identified with a CVE number but can be located with the FatPipe Security Advisory number FPSA006. The vulnerability affects all FatPipe WARP®, MPVPN, and IPVPN® device software prior to the latest version releases 10.1.2r60p93 and 10.2.2r44p1,” the FBI added.

The FBI didn’t identify the threat actor, but said the attackers used SSH access to route malicious traffic through the device and target additional US infrastructure. In most cases, the hackers were careful to clean up after the breach so they could return as needed while keeping the 0-day vulnerability hidden.

Even though there’s no CVE yet, FatPipe released a patch that fixes the vulnerability. All FatPipe WARP, MPVPN, and IPVPN device software prior to releases 10.1.2r60p93 and 10.2.2r44p1 is vulnerable, and no other mitigations are possible without applying the patch. The FBI urges all administrators to quickly upgrade the affected systems and disable UI and SSH access from the WAN interface when not used.
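
To act on the upgrade advice, an administrator can sweep a device inventory for software older than the two fixed releases. The Python below is an added example, not code from the FBI, FatPipe or this article; it assumes version strings follow the `<major>.<minor>.<patch>r<release>p<patch level>` layout of the two fixed releases and that each field compares numerically, and the device names and inventory are constructed.

```python
import re

# Fixed releases named in the FBI alert quoted above, keyed by release train.
FIXED = {(10, 1, 2): (60, 93), (10, 2, 2): (44, 1)}

# Assumed layout: <major>.<minor>.<patch>r<release>[p<patch level>]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)(?:p(\d+))?$")


def parse_version(text):
    """Split a version string into (train, (release, patch_level))."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rel, plevel = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch), (rel, plevel)


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    try:
        train, build = parse_version(text)
    except ValueError:
        return "unknown"  # never report an unparsed device as safe
    if train in FIXED:
        return "patched" if build >= FIXED[train] else "vulnerable"
    # Trains older than every fixed train predate the fix; any other train
    # is not covered by the alert and needs manual review.
    return "vulnerable" if train < min(FIXED) else "unknown"


def audit(inventory):
    """Map each status to the sorted device names that have it."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for device, version in inventory.items():
        report[classify(version)].append(device)
    return {status: sorted(names) for status, names in report.items()}


# Constructed inventory: device names and unpatched versions are made up.
INVENTORY = {
    "edge-ny": "10.1.2r60p93",
    "edge-sf": "10.1.2r60p92",
    "edge-dal": "10.2.2r44p1",
    "edge-chi": "10.2.2r42",
    "edge-old": "9.1.2r161p26",
    "edge-lab": "fw-unknown",
}

if __name__ == "__main__":
    for status, names in audit(INVENTORY).items():
        print(f"{status:10} {', '.join(names) or '-'}")
```

Devices reported as `unknown` should be checked by hand rather than treated as patched.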
