Aliases
Fast Reverse Proxy
Tags
Proxy
Incidents
z0Miner targeting WebLogic serversMauri Ransomware Exploiting Apache ActiveMQ
References
https://asec.ahnlab.com/en/38156/https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144ahttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/hacktool.linux.frp.f
Last edited
Feb 19, 2025 2:44 PM
Fast Reverse Proxy (FRP) is an open-source tool designed to expose local servers behind a firewall or Network Address Translation (NAT) to the internet. While primarily intended for legitimate purposes, threat actors have misused FRP to facilitate unauthorized access and proxy command-and-control (C2) communications. By deploying FRP clients on compromised systems, attackers can tunnel various protocols, including TCP, UDP, and HTTP(S), effectively bypassing network security measures. This misuse has been observed in campaigns by state-sponsored groups, such as those affiliated with the People's Republic of China, to maintain persistent access and obfuscate their activities.