December 27, 2023 at 06:56AM
Barracuda deployed remote patches on December 21 to address a zero-day vulnerability in its Email Security Gateway (ESG) appliances exploited by Chinese hackers. A subsequent wave of security updates targeted compromised appliances. The vulnerability, tracked as CVE-2023-7102, is attributed to a weakness in a third-party library. The company reassured customers and attributed the attacks to the China-based UNC4841 group. In a related May incident, Barracuda was targeted using a different zero-day, leading to data exfiltration and malware deployment.
Barracuda has been the target of zero-day attacks by UNC4841, a Chinese hacker group. The attacks exploited vulnerabilities in Barracuda’s Email Security Gateway (ESG) appliances. Barracuda has addressed the vulnerabilities by patching the affected appliances and deploying security updates.
Customers have been assured that no immediate action is required, and Barracuda is continuing its investigation into the matter. Barracuda is also collaborating with Mandiant in assessing the activities attributed to UNC4841.
Barracuda previously experienced similar zero-day attacks in May of the same year, which resulted in the deployment of previously unknown malware and data exfiltration from compromised systems. Notably, a significant number of affected appliances belonged to government agencies.
The attacks on Barracuda have targeted a wide range of organizations, including high-profile companies such as Samsung, Kraft Heinz, Mitsubishi, and Delta Airlines. Moving forward, it will be crucial for Barracuda to continue strengthening its security measures to protect against future attacks and to ensure the safety of its widespread customer base.