Sunday, March 3, 2024

Chinese Hackers Exploited Barracuda’s ESG Appliances

Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoors on a "limited number" of devices. The flaw, tracked as CVE-2023-7102, is an arbitrary code execution bug in Spreadsheet::ParseExcel, a third-party Perl library the appliance uses to scan Excel attachments.

The company attributed the activity to a threat actor tracked by Google-owned Mandiant as UNC4841, which was previously linked to the active exploitation of another zero-day in Barracuda devices (CVE-2023-2868, CVSS score: 9.8) earlier this year.

Exploitation requires nothing more than delivering a specially crafted Microsoft Excel attachment by email: the ESG appliance parses the file while scanning it, and the malformed content causes the appliance to run attacker-supplied code. The intrusion then continues with new variants of the known SEASPY and SALTWATER implants, which give the operators persistence and command execution on the device.

Barracuda said it released a security update that has been “automatically applied” on December 21, 2023, and that no further customer action is required.

It further pointed out that it “deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants” a day later. It did not disclose the scale of the compromise.

That said, the underlying flaw in the Spreadsheet::ParseExcel Perl module (versions 0.65 and earlier) remains unpatched and has been assigned its own identifier, CVE-2023-7101. The defect is that number-format strings read from the spreadsheet are passed to a string-type Perl eval, so a file can supply arbitrary Perl for the parser to execute. Any other product or script that uses this module to parse untrusted XLS files is exposed in the same way, and its operators need to take their own remedial action rather than rely on Barracuda's fix.
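The bug class in Spreadsheet::ParseExcel is simple enough to show in a few lines. The following Perl is an added illustration written for this page; it is not code from Barracuda or from the Spreadsheet::ParseExcel module, and the two functions, the condition syntax handled, and the inputs are all constructed for the example. It models a format-string condition such as Excel's `[>=100]` being handled two ways: spliced into a string eval (the vulnerable pattern), and parsed against a whitelist of operators and a numeric literal with nothing from the file ever reaching eval (the hardened pattern).

```perl
#!/usr/bin/env perl
# Added illustration of the string-eval bug class behind CVE-2023-7101.
# Not Spreadsheet::ParseExcel's code; a simplified, hypothetical parser.
use strict;
use warnings;

# Excel number formats may start with a condition section such as [>=100].
# VULNERABLE: the bracketed text from the file is interpolated into Perl
# source and handed to a string eval, so it can contain any Perl at all.
sub cond_matches_vulnerable {
    my ($value, $format) = @_;
    return 0 unless $format =~ /^\[([^\]]*)\]/;
    my $cond    = $1;                     # attacker-controlled
    my $matched = eval "$value $cond";    # string eval == code execution
    return $matched ? 1 : 0;
}

# HARDENED: accept only a comparison operator and a decimal literal, then
# dispatch on the operator. The file's bytes never become Perl source.
my %OPS = (
    '<'  => sub { $_[0] <  $_[1] },
    '<=' => sub { $_[0] <= $_[1] },
    '>'  => sub { $_[0] >  $_[1] },
    '>=' => sub { $_[0] >= $_[1] },
    '='  => sub { $_[0] == $_[1] },
    '<>' => sub { $_[0] != $_[1] },
);

sub cond_matches_safe {
    my ($value, $format) = @_;
    return 0
      unless $format =~ /^\[(<=|>=|<>|<|>|=)\s*(-?\d+(?:\.\d+)?)\]/;
    my ($op, $num) = ($1, $2);
    return $OPS{$op}->($value, $num) ? 1 : 0;
}

# Constructed inputs: a benign format and a malicious one that smuggles
# Perl into the condition. The payload only sets a flag here; in a real
# attack it would run a command or drop an implant.
our $pwned   = 0;
my $benign    = '[>=100]"big";"small"';
my $malicious = '[>=100 && ($main::pwned = 1)]';

printf "vulnerable/benign:    %d\n", cond_matches_vulnerable(150, $benign);
printf "vulnerable/malicious: %d (pwned=%d)\n",
    cond_matches_vulnerable(150, $malicious), $pwned;

$pwned = 0;
printf "safe/benign:          %d\n", cond_matches_safe(150, $benign);
printf "safe/malicious:       %d (pwned=%d)\n",
    cond_matches_safe(150, $malicious), $pwned;
```

Run it and the vulnerable path reports `pwned=1` for the malicious format because the eval executed the attacker's expression, while the hardened path rejects the same input outright (`0`, `pwned=0`) since the strict regex refuses anything that is not an operator followed by a number. The same check applies when auditing any Perl that handles file-derived data: grep for `eval "` (string form) and `eval $`, and treat each hit that can see untrusted input as a code-execution sink.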

According to Mandiant, which has been investigating the campaign, a number of private and public sector organizations located in at least 16 countries are estimated to have been impacted since October 2022.

The latest development once again speaks to UNC4841's adaptability: as each access path is closed, the group moves to new tactics and techniques to retain its foothold on high-priority targets.

Technogeek Online (https://technogeek.online)