Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ

December 28, 2023 at 06:00AM

Mandiant disclosed zero-day attacks targeting Barracuda Email Security Gateway (ESG) appliances, exploiting CVE-2023-7102 to execute malicious code in Excel email attachments. The China-linked threat actor UNC4841 used this vulnerability to target government, IT, and high-tech organizations. Barracuda promptly deployed updates and urged customers to follow the recommended guidance. UNC4841 has a history of exploiting Barracuda ESG vulnerabilities.

Key takeaways from the meeting notes:

– A vulnerability affecting Barracuda Email Security Gateway (ESG) appliances has been exploited as a zero-day to target government, high-tech, and IT organizations by the China-linked threat actor tracked as UNC4841.
– The vulnerability, tracked as CVE-2023-7102, resides in the open source ‘Spreadsheet::ParseExcel’ library, which ESG devices use to check Excel email attachments for malware; it allows attackers to execute arbitrary code on ESG devices.
– Malicious code can be embedded in a specially crafted Excel file and sent as an attachment to the targeted organization, enabling attackers to gain unauthorized access and steal valuable data.
– The attacks, part of UNC4841’s cyberespionage operations, mainly targeted organizations in the United States and the Asia-Pacific and Japan (APJ) region.
– New variants of the SeaSpy and SaltWater malware were delivered to Barracuda customers by exploiting the vulnerability.
– Barracuda responded promptly by deploying updates to remediate the vulnerability and the compromised ESG appliances.
– Mandiant recommends that Barracuda’s customers read through the advisory and follow recommended guidance to ensure their systems are secure.
– The Chinese cyberspy group had previously exploited a different Barracuda ESG vulnerability (CVE-2023-2868) and forced the vendor to urge customers to replace compromised appliances.
– The recent campaign by UNC4841 demonstrates the threat actor’s persistence, and Mandiant anticipates a potential broadening of their targeted attack surface in the future.

This summary captures the main points discussed in the meeting notes regarding the Barracuda ESG vulnerability and the actions taken to address the security risks.
