Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy a backdoor on a "limited number" of devices.
Tracked as CVE-2023-7102, the issue is an arbitrary code execution flaw that resides in the third-party open-source library Spreadsheet::ParseExcel, which is used by the Amavis scanner within the gateway.
The company attributed the activity to a threat actor tracked by Google-owned Mandiant as UNC4841, which was previously linked to the active exploitation of another zero-day in Barracuda devices (CVE-2023-2868, CVSS score: 9.8) earlier this year.
Successful exploitation of the new flaw is achieved by means of a specially crafted Microsoft Excel email attachment. This is followed by the deployment of new variants of the known implants SEASPY and SALTWATER, which provide persistence and command execution capabilities.
Barracuda said it released a security update that was "automatically applied" on December 21, 2023, and that no further customer action is required.
It further noted that a day later it "deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants." It did not disclose the scale of the compromise.
That said, the underlying flaw in the Spreadsheet::ParseExcel Perl module (version 0.65) remains unpatched and has been assigned the CVE identifier CVE-2023-7101, so downstream users of the module need to take their own remedial action.
According to Mandiant, which has been investigating the campaign, a number of private and public sector organizations located in at least 16 countries are estimated to have been impacted since October 2022.
The latest development once again speaks to UNC4841's adaptability, with the group leveraging new tactics and techniques to retain access to high-priority targets as existing loopholes get closed.
Some parts of this article are sourced from:
thehackernews.com