The FBI warned that a group of attackers discovered a zero-day vulnerability in VPN (Virtual Private Networking) software and is exploiting it. According to a forensic analysis, the flaw affects the FatPipe WARP, MPVPN, and IPVPN software. The agency did not provide any information on the identity of the group, which it classifies as an Advanced Persistent Threat (APT).
The vulnerability allowed the attackers to gain access to an unrestricted file upload function and use it to launch a webshell for attacks with root access. “The exploitation of this weak point then served the APT actors as a stepping stone into other infrastructures,” the FBI continued.
All versions of the FatPipe WARP, MPVPN and IPVPN device software prior to the latest versions 10.1.2r60p93 and 10.2.2r44p1 are vulnerable. The attackers' activity is also difficult to detect because they try to cover their tracks with cleanup scripts, the investigators added. “Organizations that see activity on their networks related to these indicators of compromise should take immediate action,” the FBI security alert read.
“The FBI strongly advises system administrators to update their devices immediately and follow other FatPipe security recommendations, such as disabling UI and SSH access over an outside-facing WAN interface when it is not needed.”
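To act on the version statement above, an inventory check can flag devices running software older than the two fixed releases. The following is an added example, not code from the FBI alert or from FatPipe. It assumes the version string has the layout `<major>.<minor>.<patch>r<release>p<patch level>` and that the fields order numerically; the hostnames and most sample versions are constructed.

```python
import re

# Fixed releases named in the FBI alert, as quoted on this page.
FIXED = ("10.1.2r60p93", "10.2.2r44p1")

# Assumed layout: <major>.<minor>.<patch>r<release>p<patch level>
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)p(\d+)$")


def parse_version(text):
    """Return the five numeric fields as a tuple, or None if unparseable."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in match.groups()) if match else None


def classify(version_text):
    """Return 'fixed', 'vulnerable' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # do not guess: route to manual review
    fixed_101, fixed_102 = (parse_version(v) for v in FIXED)
    if version >= fixed_102:
        return "fixed"
    # Same major.minor train as the 10.1 fix, and at or past it.
    if version[:2] == fixed_101[:2] and version >= fixed_101:
        return "fixed"
    return "vulnerable"


def audit(inventory):
    """Map each host to its classification; inventory is {host: version}."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "edge-warp-01": "10.1.2r60p93",
    "edge-warp-02": "10.1.2r60p92",
    "branch-mpvpn-01": "10.2.2r44p1",
    "branch-mpvpn-02": "10.2.2r42p5",
    "lab-ipvpn-01": "9.1.2r185",  # does not match the assumed layout
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Devices reported as `unknown` have a version string that does not fit the assumed layout and should be checked by hand rather than treated as patched.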