Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months


May 31, 2023 | Ravie Lakshmanan | Network Security / Zero Day


Enterprise security firm Barracuda revealed on Tuesday that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances has been abused by threat actors since October 2022 to backdoor the devices.

The latest findings indicate that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), had been actively exploited for at least seven months prior to its discovery.

The flaw, which Barracuda identified on May 19, 2023, affects versions through and could allow a remote attacker to achieve code execution on a vulnerable installation. Patches were released by Barracuda on May 20 and May 21.

“CVE-2023-2868 was used to gain unauthorized access to a subset of ESG appliances,” the email and network security firm said in an updated advisory.

“Malware was identified on the subset of equipment that allowed perpetual backdoor access. Evidence of data exfiltration was identified on the affected subset of equipment.”

Three different malware strains have been discovered to date –

  • SALTWATER – A trojanized module for the Barracuda SMTP daemon (bsmtpd) that can upload or download arbitrary files, execute commands, and proxy and route malicious traffic so that it blends in with legitimate activity.
  • SEASPY – An x64 ELF backdoor that offers persistence capabilities and is activated via a magic packet.
  • SEASIDE – A Lua-based module for bsmtpd that establishes a reverse shell via SMTP HELO/EHLO commands sent by the malware’s command-and-control (C2) server.

Source code overlap has been identified between SEASPY and cd00r, according to Google-owned Mandiant, which is investigating the incident. The attack has not been linked to any known threat actor or group.
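
The SEASIDE description above notes that its C2 channel rides on SMTP HELO/EHLO commands. As an added, illustrative defensive example (this is not code from the article, Barracuda or Mandiant), the following Python checker scans SMTP transaction log lines and flags HELO/EHLO arguments that are not syntactically valid RFC 5321 domains or address literals. It assumes the log records client commands in the constructed format shown in the sample; the heuristic is a generic protocol-conformance check, not a published indicator for SEASIDE, and a real deployment would tune it against known-good senders.

```python
import ipaddress
import re

# Constructed sample of client-side SMTP transaction log lines; not captured from a real appliance.
SAMPLE_LOG = "\n".join([
    "2023-05-20T10:01:02Z C: EHLO mail.example.com",
    "2023-05-20T10:01:09Z C: HELO [192.0.2.10]",
    "2023-05-20T10:02:31Z C: EHLO [IPv6:2001:db8::25]",
    "2023-05-20T10:03:15Z C: EHLO dGhpcyBpcyBub3QgYSBob3N0bmFtZQ==",   # base64-looking blob, not a hostname
    "2023-05-20T10:03:44Z C: HELO " + "a" * 70 + ".example.net",     # DNS label longer than 63 octets
    "2023-05-20T10:04:01Z C: EHLO relay.example.org extra tokens here",  # multiple tokens after the verb
    "2023-05-20T10:04:30Z C: MAIL FROM:<bob@example.com>",
])

# RFC 5321 sub-domain: letter/digit, optional letters/digits/hyphens, ending in letter/digit, max 63 octets.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(LABEL + r"(?:\." + LABEL + r")*")
# Matches the verb and everything after it on the log line.
HELO_RE = re.compile(r"\b(HELO|EHLO)\b(.*)$", re.IGNORECASE)


def is_valid_helo_argument(arg: str) -> bool:
    """True if arg is a syntactically valid RFC 5321 Domain or address-literal."""
    arg = arg.strip()
    if not arg or len(arg) > 255:
        return False
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        try:
            if inner.upper().startswith("IPV6:"):
                ipaddress.IPv6Address(inner[5:])
            else:
                ipaddress.IPv4Address(inner)
            return True
        except ValueError:
            return False
    return DOMAIN_RE.fullmatch(arg) is not None


def explain(arg: str) -> str:
    """Short human-readable reason why an argument failed validation."""
    if not arg:
        return "empty argument"
    if any(ch.isspace() for ch in arg):
        return "contains whitespace (multiple tokens)"
    if any(len(label) > 63 for label in arg.split(".")):
        return "DNS label longer than 63 octets"
    if arg.startswith("["):
        return "malformed address literal"
    return "characters not allowed in a domain name"


def find_suspicious_helo(log_text: str) -> list[dict]:
    """Return one finding per HELO/EHLO line whose argument is not a valid domain or literal."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = HELO_RE.search(line)
        if not match:
            continue
        verb, arg = match.group(1).upper(), match.group(2).strip()
        if not is_valid_helo_argument(arg):
            findings.append({
                "line": lineno,
                "verb": verb,
                "argument": arg,
                "reason": explain(arg),
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_helo(SAMPLE_LOG):
        print(f"line {f['line']}: {f['verb']} {f['argument']!r} -> {f['reason']}")
```

The checker deliberately flags only syntax violations; a legitimate but misconfigured sender can trip it, so the output is a triage hint to correlate with the appliance's other logs rather than a verdict on its own.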



The US Cybersecurity and Infrastructure Security Agency (CISA) last week also added the bug to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply the fix by June 16, 2023.

Barracuda did not disclose how many organizations were breached, but noted that affected customers were contacted directly with mitigation guidance. It also warned that the ongoing investigation could uncover additional affected users.
