FBI FLASH: APT Group Exploiting 0-day in FatPipe WARP, MPVPN, and IPVPN Software

The FBI has published a TLP:WHITE FLASH examining the activities of an APT group exploiting a zero-day in FatPipe WARP, MPVPN, and IPVPN software. According to the FLASH, APT actors have been observed exploiting this vulnerability going back to at least May 2021. The vulnerability allowed the threat actors “to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity.” The FLASH includes further technical details regarding this activity and lists recommended mitigations. It also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov.