Chinese Hackers Exploited New Zero-Day in Barracuda’s ESG Devices

Zero-Day in Barracuda's ESG Appliances

Barracuda has revealed that Chinese threat actors have exploited a new zero-day in their Email Security Gateway (ESG) devices to deploy backdoors on a “limited number” of devices.

Tracked as CVE-2023-7102, the issue is an arbitrary code execution flaw in Spreadsheet::ParseExcel, a third-party open source Perl library that the Amavis scanner inside the gateway uses to parse Excel attachments.

The company attributed the activity to a threat actor tracked by Google-owned Mandiant as UNC4841, the same group previously linked to the active exploitation of another Barracuda ESG zero-day (CVE-2023-2868, CVSS score: 9.8) earlier this year.

Successful exploitation of the new flaw is achieved through a specially crafted Microsoft Excel email attachment. This will be followed by the deployment of new variants of well-known implants called SEASPY and SALTWATER, which are equipped to provide persistence and command execution capabilities.

Barracuda said it released a security update that was “automatically applied” on December 21, 2023, and no further customer action is required.

It further pointed out that a day later it had “deployed a patch to remediate compromised ESG devices showing indicators of compromise related to the newly identified malware variants.” The extent of the compromise was not disclosed.

That said, the original bug in the Spreadsheet::ParseExcel Perl module (version 0.65) remains unpatched at the time of writing and has been assigned the identifier CVE-2023-7101, so downstream users of the module need to take their own remedial action.
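The published description of CVE-2023-7101 attributes the bug to unvalidated input from the workbook reaching a string-type eval while number-format strings are evaluated. The Perl below is an added illustration written for this article, not code from Spreadsheet::ParseExcel, Amavis or Barracuda: a toy number formatter with that same bug shape (a format string from the file pasted into Perl source and string-eval'd) next to a hardened version that never evaluates file content. The cell data and the hostile format string are constructed, and `$::hijacked` is a hypothetical marker that stands in for whatever a real payload would do.

```perl
#!/usr/bin/perl
# Added illustration, not Spreadsheet::ParseExcel's code: the same shape of
# bug (untrusted text reaching string eval, CWE-95) in a toy number formatter,
# beside a version that treats the format string strictly as data.
use strict;
use warnings;

# Constructed sample cells, as a workbook parser would hand them to the
# formatter: a numeric value plus the number-format string stored in the file.
# The last entry is a hypothetical hostile format string, not a real payload.
my @cells = (
    { value => 1234.5, fmt => '0.00' },
    { value => 42,     fmt => '0" units"' },
    { value => 1,      fmt => '0"" . ($::hijacked = 1) . ""' },
);

# Vulnerable pattern: translate the format into Perl source and string-eval it.
# The quoted literal from the file is pasted verbatim into that source, so a
# workbook author can close the quotes and run arbitrary Perl in the parser.
sub format_vulnerable {
    my ($value, $fmt) = @_;
    my $decimals = ($fmt =~ /\.(0+)/) ? length($1) : 0;
    my ($literal) = $fmt =~ /"(.*)"/;          # greedy: keeps inner quotes
    $literal = '' unless defined $literal;
    my $code = qq{sprintf("%.${decimals}f", \$value) . "$literal"};
    my $out  = eval $code;                      # untrusted text is now code
    die "eval failed: $@" if $@;
    return $out;
}

# Hardened pattern: no eval at all. Validate the format against an allowlist,
# build the number with sprintf, and concatenate the literal as plain data.
sub format_safe {
    my ($value, $fmt) = @_;
    # Accept only digits, '#', ',', an optional ".000" part and at most one
    # double-quoted literal that itself contains no quotes.
    $fmt =~ /\A[0#,]+(?:\.0+)?(?:"([^"]*)")?\z/
        or die "rejected number format: $fmt\n";
    my $literal  = defined $1 ? $1 : '';
    my $decimals = ($fmt =~ /\.(0+)/) ? length($1) : 0;
    return sprintf("%.${decimals}f", $value) . $literal;
}

for my $cell (@cells) {
    my $safe = eval { format_safe($cell->{value}, $cell->{fmt}) };
    unless (defined $safe) {
        chomp(my $err = $@);
        $safe = "REJECTED ($err)";
    }
    my $vuln = format_vulnerable($cell->{value}, $cell->{fmt});
    printf "fmt=%-32s vulnerable=%-8s safe=%s\n", $cell->{fmt}, $vuln, $safe;
}
print "workbook-supplied code ran inside the parser\n" if $::hijacked;
```

Running it shows the two benign formats producing identical output from both functions, while the hostile one sets `$::hijacked` through the vulnerable path and is rejected outright by the hardened path. The point for downstream users is the shape of the remediation: any code that turns untrusted file content into Perl source, even indirectly, has to be replaced with a parser that only ever treats that content as data.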

According to Mandiant, who researched the campaign, a number of private and public sector organizations in at least 16 countries are estimated to have been affected since October 2022.

The latest development once again speaks to the adaptability of UNC4841, which keeps adopting new tactics and techniques to maintain access to high-priority targets even as its earlier footholds are closed off.

