The FBI has warned that a sophisticated group of attackers has been exploiting a zero-day flaw in a brand of virtual private networking (VPN) software since May.
The FBI said its forensic analysis showed that the exploitation of the zero-day vulnerability in the FatPipe WARP, MPVPN, and IPVPN software, by an advanced persistent threat (APT) group, went back to at least May 2021. It did not provide any further information about the identity of the group.
The vulnerability allowed the attackers to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity, the FBI said, noting: “Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.”
The FBI said the vulnerability affects all FatPipe WARP, MPVPN, and IPVPN device software prior to the latest version releases, 10.1.2r60p93 and 10.2.2r44p1.
It warned that detection of exploitation activity might be difficult, as cleanup scripts designed to remove traces of the attackers’ activity were discovered in most cases.
“Organizations that identify any activity related to these indicators of compromise within their networks should