frp

Aliases

Fast Reverse Proxy

Tags

Proxy

Incidents

z0Miner targeting WebLogic servers Mauri Ransomware Exploiting Apache ActiveMQ

References

https://asec.ahnlab.com/en/38156/https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144ahttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/hacktool.linux.frp.f

Last edited

Feb 19, 2025 2:44 PM

Fast Reverse Proxy (FRP) is an open-source tool designed to expose local servers behind a firewall or Network Address Translation (NAT) to the internet. While primarily intended for legitimate purposes, threat actors have misused FRP to facilitate unauthorized access and proxy command-and-control (C2) communications. By deploying FRP clients on compromised systems, attackers can tunnel various protocols, including TCP, UDP, and HTTP(S), effectively bypassing network security measures. This misuse has been observed in campaigns by state-sponsored groups, such as those affiliated with the People's Republic of China, to maintain persistent access and obfuscate their activities.