For the past few months, the FBI has warned that a highly sophisticated group of hackers has been exploiting a zero-day flaw in a brand of virtual private networking (VPN) software.
A zero-day vulnerability in FatPipe WARP, MPVPN, and IPVPN software was exploited by an advanced persistent threat (APT) group as far back as May 2021, according to FBI forensic analysis. The report did not identify the group.
“Exploitation of this vulnerability then served as a jumping-off point into other infrastructure for the APT actors,” the FBI reported. The attackers exploited an unrestricted file upload vulnerability to upload a shell, gain root access, and escalate their privileges.
FatPipe WARP, MPVPN, and IPVPN devices running software earlier than the latest releases, 10.1.2r60p93 and 10.2.2r44p1, are affected by the vulnerability, according to the FBI.
The FBI also warned that evidence of exploitation may be difficult to find, because cleanup scripts were discovered in most cases.
“Organizations that identify any activity related to these indicators of compromise within their networks should take action immediately,” the FBI said in an alert.
“FBI strongly urges system administrators to upgrade their devices immediately and to follow other FatPipe security recommendations such as disabling UI and SSH access from the WAN interface (externally facing) when not actively using it.”
There is a flaw in FatPipe’s web management interface that could allow a remote attacker to upload a file to any location on the filesystem on an affected device.
“The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device.”
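As an added illustration (not code from the article, from FatPipe, or from the FBI alert), the pattern the alert describes, a client-supplied filename placed directly into a filesystem path, is shown beside a hardened handler that keeps only the basename, allowlists the extension, and proves the resolved path stays inside the upload root. The upload root, the extension allowlist, and the function names are assumptions for the demonstration.

```python
import os
import posixpath
import tempfile

# Hypothetical upload root for the demonstration (assumption, not a FatPipe path).
UPLOAD_ROOT = os.path.join(tempfile.gettempdir(), "demo_upload_root")

# Only plain data types are accepted; a shell needs a server-executed extension.
ALLOWED_EXTENSIONS = {".txt", ".csv", ".json"}


def unsafe_upload_path(root: str, client_filename: str) -> str:
    """The unvalidated pattern: the client-supplied name goes straight into the
    path, so '../' sequences or an absolute name escape the upload root."""
    return os.path.normpath(os.path.join(root, client_filename))


def safe_upload_path(root: str, client_filename: str) -> str:
    """Hardened handler: strip directory components, allowlist the extension,
    then verify the canonical path is still inside the upload root."""
    # Drop any directory part the client sent (handles both / and \ separators).
    name = posixpath.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", "..") or name.startswith("."):
        raise ValueError("invalid filename")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not permitted")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    # Containment check: the resolved target must sit under the real root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes upload root")
    return candidate


def escapes_root(root: str, path: str) -> bool:
    """True when 'path' resolves to a location outside 'root'."""
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) != root_real


def rejects(root: str, client_filename: str) -> bool:
    """True when the hardened handler refuses the client-supplied name."""
    try:
        safe_upload_path(root, client_filename)
    except ValueError:
        return True
    return False
```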