Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy a backdoor on a "limited number" of devices.
Tracked as CVE-2023-7102, the issue is an arbitrary code execution flaw in Spreadsheet::ParseExcel, a third-party open-source Perl library used by the Amavis virus scanner inside the gateway.
The company attributed the activity to a threat actor tracked by Google-owned Mandiant as UNC4841, which was previously linked to the active exploitation of another zero-day in Barracuda devices (CVE-2023-2868, CVSS score: 9.8) earlier this year.

Successful exploitation of the new flaw is achieved by means of a specially crafted Microsoft Excel email attachment. This is followed by the deployment of new variants of the known implants SEASPY and SALTWATER, which provide persistence and command execution capabilities.
Barracuda said it released a security update that was "automatically applied" on December 21, 2023, and that no further customer action is required.
It further noted that a day later it "deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants." It did not disclose the scale of the compromise.
That said, the underlying flaw in the Spreadsheet::ParseExcel Perl module (version 0.65) remains unpatched and has been assigned the CVE identifier CVE-2023-7101, so downstream users of the module need to take their own remedial action. Barracuda's update covers only its ESG appliances; any other system that parses untrusted Excel files with this module, such as an Amavis deployment elsewhere, remains exposed until the module itself is fixed or replaced.
According to Mandiant, which has been investigating the campaign, a number of private and public sector organizations located in at least 16 countries are estimated to have been impacted since October 2022.
The latest development once again speaks to UNC4841's adaptability, leveraging new tactics and techniques to maintain access to high-priority targets as existing loopholes get closed.
Some parts of this article are sourced from:
thehackernews.com