China-Based Hackers Exploit Barracuda Zero-Day Vulnerability to Target U.S. Government
Targets of the attack included local governments, military, technology, telecom, and aerospace organizations.
- A China-based hacking group called UNC4841 exploited a zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) to target U.S. government bodies.
- The Federal Bureau of Investigation issued a flash alert claiming that several appliances remained at risk.
Barracuda Networks and Google’s Mandiant have revealed that a zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) was exploited extensively by a China-based hacking group called UNC4841. The group largely targeted government organizations in the U.S. and Canada.
The vulnerability, tracked as CVE-2023-2868, has reportedly been exploited since late 2022 but only became widely known in May 2023. Barracuda released a patch soon afterward, but the fix was eventually deemed ineffective, forcing the company to advise affected organizations to discard vulnerable devices.
The zero-day vulnerability allows remote command injection on some Barracuda ESG devices, which account for approximately 5% of all installations, giving attackers remote code execution (RCE) with elevated privileges.
While Mandiant and Barracuda have claimed that there has been no exploitation of the vulnerability since the patch, the FBI has released a flash warning that several devices remained at risk. Replacement of vulnerable devices was recommended.
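The article names the bug class (remote command injection) but not its mechanics. The following is an added illustration of that class in general, written for this page and not derived from Barracuda’s code or from any published exploit: it contrasts a routine that splices an untrusted attachment name into a shell command string with a hardened routine that validates the name against an allow-list and passes it as a discrete argument with no shell involved. The hostile filename, the function names and the allow-list pattern are all constructed assumptions for the demonstration.

```python
import re
import subprocess

# Constructed sample of an attachment name carrying shell metacharacters.
# It is not taken from any real attack; it only shows why string-built
# shell commands are dangerous.
CONSTRUCTED_HOSTILE_NAME = "report.tar; echo INJECTED"

# Hypothetical allow-list for attachment names: a leading alphanumeric
# character followed by letters, digits, dot, dash or underscore.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def validate_attachment_name(name: str) -> bool:
    """Return True only if the name matches the allow-list pattern."""
    return SAFE_NAME.fullmatch(name) is not None


def log_attachment_unsafe(name: str) -> str:
    """Vulnerable pattern: untrusted data is interpolated into a command
    string that a shell then parses, so a ';' in the name starts a second
    command. Returns the combined stdout of whatever the shell ran."""
    result = subprocess.run(
        f"echo {name}", shell=True, capture_output=True, text=True
    )
    return result.stdout


def log_attachment_argv(name: str) -> str:
    """Safer pattern: the name is handed to the program as one argv entry
    and no shell is involved, so metacharacters are plain text."""
    result = subprocess.run(
        ["echo", name], shell=False, capture_output=True, text=True
    )
    return result.stdout


def log_attachment_hardened(name: str) -> str:
    """Hardened pattern: allow-list validation first, then argv-style
    invocation. Rejecting early keeps bad input out of every downstream
    consumer, not just this call."""
    if not validate_attachment_name(name):
        raise ValueError(f"rejected attachment name: {name!r}")
    return log_attachment_argv(name)


def lines_executed(output: str) -> list[str]:
    """Split command output into lines. For the unsafe variant, more than
    one line means an injected command ran; that is a cheap check a test
    suite can assert on when auditing command-building code."""
    return output.splitlines()


if __name__ == "__main__":
    print("unsafe  :", lines_executed(log_attachment_unsafe(CONSTRUCTED_HOSTILE_NAME)))
    print("argv    :", lines_executed(log_attachment_argv(CONSTRUCTED_HOSTILE_NAME)))
    try:
        log_attachment_hardened(CONSTRUCTED_HOSTILE_NAME)
    except ValueError as exc:
        print("hardened:", exc)
    print("hardened:", lines_executed(log_attachment_hardened("report.tar")))
```

The argv form alone already defeats the injection shown here; the allow-list is added because an email gateway typically passes attachment names to several tools, and a single validation point is easier to audit than per-call escaping.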
According to Mandiant, UNC4841 used new malware called Depthcharge, Skipjack, Foxglove, and Foxtrot to evade remediation efforts and sustain its access to high-value targets.
Prominent targets of the attacks included national and local government bodies, technology and IT companies, and telecom and aerospace organizations. The hacking group continues to change its targets, techniques, and procedures while modifying its toolkits, and is expected to maintain its espionage activities for the foreseeable future.