Last Updated on 22/11/2021 by TheDigitalHacker
The FBI has issued a flash alert on an APT group exploiting a zero-day hole in FatPipe devices and software. Fortune 1000 organisations are customers of FatPipe, a networking hardware company.
Cybercriminals are using a zero-day issue in FatPipe’s MPVPN (router clustering device), WARP (WAN redundancy product), and IPVPN, according to FBI forensic research (load-balancing and reliability device for VPNs).
The weakness was discovered in May and was used to break into target networks. All FatPipe MPVPN, IPVPN, and WARP device software versions issued until the newest ones, 10.2.2r44p1 and 10.1.2r60p93, were affected by the zero-day bug employed in these assaults. The bug gave the APT group full access to a file upload feature, allowing them to drop a webshell with root access for exploitation. It resulted in the escalation of privileges and the expansion of activities. The attackers utilised exposed FatPipe devices for lateral movement inside networks after compromising them.
The issue is in the FatPipe software’s online administration interface. On a susceptible device, it happens owing to a lack of input and validity verification for specified HTTP requests. A customised HTTP request might be sent to the device to exploit this issue. A successful exploitation might allow a remote attacker to upload a file to any position on a susceptible device’s file system. The bug does not yet have a CVE ID, however it has been patched in a security advisory called FPSA006.
According to FatPipe’s recommendations, clients should deactivate UI access on all WAN interfaces. For trustworthy sources, they should configure Access Lists on the interface page. A list of signs of compromise and YARA malware signatures is also included in the FBI’s advisory. It also encourages businesses to respond quickly when they see questionable network activity.
