FBI issues flash alert after APT groups exploited VPN flaws

With this flaw, FatPipe joins the list of VPN providers that have faced a similar situation in the past, including Fortinet, Cisco, Pulse Secure, and Citrix.

The Federal Bureau of Investigation (FBI) released a warning revealing that an advanced persistent threat (APT) group exploited a zero-day flaw in FatPipe WARP, MPVPN, and IPVPN software before it was patched.

The exploitation started in May 2021. With this flaw, FatPipe joins the list of VPN providers that have faced a similar situation in the past, including Fortinet, Cisco, SonicWall, Pulse Secure, and Citrix.

About the Flaw

According to the FBI flash alert [PDF], the flaw allowed APT group(s) to access an unrestricted file upload function and drop a web shell to gain root access. With those elevated privileges, they could carry out further exploitation and follow-on activities.

“Exploitation of this vulnerability then served as a jumping-off point into other infrastructure for the APT actors,” FBI’s advisory noted.

Further, the agency shared that the attacker leveraged the web shell to move laterally and targeted additional U.S. infrastructure using a malicious SSH service, obtaining an initial foothold in vulnerable networks and maintaining persistence for a long time.

The flaw impacted all

Read More: https://www.hackread.com/fbi-flash-alert-apt-groups-exploiting-vpn-flaws/