Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day
Posted: Wed Dec 27, 2023 1:06 pm
China-linked hackers continue to target Barracuda Email Security Gateway (ESG) appliances, with recent attacks involving exploitation of a new zero-day vulnerability.
It came to light in May 2023 that a Barracuda ESG zero-day tracked as CVE-2023-2868 had been exploited since at least October 2022 to deliver malware and steal data from a limited number of organizations that had been using the email security product.
In June, Mandiant attributed the attacks with high confidence to UNC4841, a cyberespionage group believed to be sponsored by the Chinese government.
In these attacks, the hackers exploited CVE-2023-2868 for initial access to the Barracuda devices by sending specially crafted emails to the targeted organizations. The attackers then delivered custom backdoors named SeaSpy, SaltWater and SeaSide, a rootkit named SandBar, and several trojanized versions of Barracuda LUA modules.
[...]