Hackers exploited Barracuda's 0-day vulnerability for up to 7 months

Enterprise security firm Barracuda May 30, 2023 revealed that since October 2022, threat actors have abused a recently patched zero-day vulnerability in its Email Security Gateway (ESG) appliances to set up a backdoor to the devices.

The latest findings indicate that the critical vulnerability, tracked as CVE-2023-2868 (CVSS rating: N/A), had been exploited for at least seven months prior to its discovery.

The vulnerability, discovered by Barracuda on May 19, 2023, affects versions through and could allow a remote attacker to execute code on a vulnerable installation. Barracuda issued patches on May 20 and May 21.

In an updated advisory, the network and email security company said CVE-2023-2868 was used to gain unauthorized access to a subset of ESG devices. They found malware on a subset of devices that allowed persistent backdoor access and evidence of a data breach on a subset of affected devices.

To date, they have found three different malware variants.

路 SALTWATER - A Trojanized module of the Barracuda SMTP daemon (bsmtpd), equipped to upload or download arbitrary files, execute commands, and proxy and tunnel malicious traffic to fly under the radar.

路 SEASPY - An x64 ELF backdoor that provides persistent functionality and is activated via the magic packet.

路 SEASIDE - A Lua-based module of bsmtpd that builds reverse shells via SMTP HELO/EHLO commands sent by the malware's command and control (C2) server.

According to Google-owned Mandiant, which is investigating the incident, it has been determined that there is a source code overlap between SEASPY and the open source backdoor called cd00r. The attacks have not been attributed to a known threat actor or group.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog last week, urging federal agencies to apply fixes by June 16, 2023.

Barracuda did not disclose how many organizations were compromised, but noted that they contacted the mitigation guidance directly. It also warned that an ongoing investigation may uncover other users who may have been affected.

【News】●AI-generated fake image of Pentagon explosion goes viral on Twitter
銆怰esources銆戔棌The 27 most popular AI Tools in 2023
【Dark Web】●5 Awesome Dark Web Links
銆怰esources銆戔棌The Achilles heel of AI startups: no shortage of money, but a lack of training data
銆怤ews銆戔棌Access control giant hit by ransom attack, NATO, Alibaba, Thales and others affected
銆怤etwork Security銆戔棌9 popular malicious Chrome extensions
銆怬pen Source Intelligence銆戔棌5 Hacking Forums Accessible by Web Browsers
【Artificial Intelligence】●Advanced tips for using ChatGPT-4