December 27, 2023 at 06:12AM
China-linked hackers are persistently targeting Barracuda Email Security Gateway (ESG) appliances. In May 2023, a zero-day vulnerability, CVE-2023-2868, was used to deliver malware and steal data, attributed to cyberespionage group UNC4841. Subsequently, a new zero-day vulnerability, CVE-2023-7102, impacting the ‘Spreadsheet::ParseExcel’ library, was exploited to deliver new malware variants. Barracuda issued patches and recommended necessary remediation measures.
Based on the meeting notes, the key takeaways are:
1. China-linked hackers have been targeting Barracuda Email Security Gateway (ESG) appliances using zero-day vulnerabilities such as CVE-2023-2868 and CVE-2023-7102.
2. The attacks were attributed to UNC4841, a cyberespionage group believed to be sponsored by the Chinese government.
3. The hackers exploited the vulnerabilities to deliver malware, steal data, and compromise ESG appliances.
4. Barracuda has released patches in response to the attacks, but the hackers have continued to target devices.
5. Barracuda issued a new warning about a new zero-day vulnerability (CVE-2023-7102) affecting ESG appliances.
6. The company has provided indicators of compromise (IoCs) for the observed malware variants and infrastructure.
7. Mandiant reported that UNC4841 had targeted entities across 16 countries, including government organizations and officials, academics, and foreign trade offices.
These takeaways provide a clear understanding of the security threats posed by the China-linked hackers and the ongoing efforts to address the vulnerabilities in Barracuda ESG appliances.