The Federal Bureau of Investigation (FBI) issued a flash alert this week warning of an Advanced Persistent Threat (APT) that has been compromising FatPipe router clustering and load balancer products to breach victim networks. According to the flash alert, “As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021.” The zero-day gives the APT actors access to an unrestricted file upload function, which they use to drop a webshell for exploitation activity with root access, leading to elevated privileges. After obtaining access to these devices, the threat actor could use them to move laterally throughout the network. The zero-day bug exploited in these attacks impacts all FatPipe WARP, MPVPN, and IPVPN device software prior to versions 10.1.2r60p93 and 10.2.2r44p1. The vulnerability does not yet have a CVE ID assigned, but FatPipe released a patch a month ago.
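One way to triage an inventory against the two fixed releases named above, as an added example that is not FatPipe's or the FBI's code. It assumes version strings follow the `<major>.<minor>.<patch>r<release>p<patchlevel>` layout of those two releases and compare numerically field by field; the hostnames and inventory values are constructed.

```python
import re

# Fixed releases named in the alert summary above.
FIXED = ("10.1.2r60p93", "10.2.2r44p1")

# Assumed layout: <major>.<minor>.<patch>r<release>p<patchlevel>
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)p(\d+)$")

# Constructed sample inventory (hostname -> version string as reported).
INVENTORY = {
    "edge-warp-01": "10.1.2r60p92",
    "edge-mpvpn-02": "10.1.2r60p93",
    "branch-ipvpn-03": "10.2.2r42p5",
    "branch-warp-04": "10.2.2r44p1",
    "lab-mpvpn-05": "9.1.2r161p20",
    "dc-warp-06": "unknown build",
}


def parse_version(text):
    """Return the version as a tuple of ints, or None if the layout differs."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unexpected format: verify on the device by hand
    fixed_101, fixed_102 = (parse_version(f) for f in FIXED)
    # Assumption: builds on the 10.2 train (or later) are measured against
    # the 10.2 fix, everything older against the 10.1 fix.
    threshold = fixed_102 if v[:2] >= (10, 2) else fixed_101
    return "vulnerable" if v < threshold else "patched"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host:18} {INVENTORY[host]:16} {status}")
```

Devices reported as `unknown` should be treated as unverified rather than safe, since the parser only accepts the assumed layout.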