Barracuda email cyberattack may have been used by hackers to spy on US government
The Americas were a key target in the attacks
Cybersecurity firm and Google Cloud subsidiary, Mandiant, has announced suspicions that Chinese-backed spies could have been behind the exploitation of a zero-day vulnerability in the Barracuda Email Security Gateway (ESG).
Researchers have tracked attacks to a China-nexus actor who appears to have been conducting espionage “spanning a multitude of regions and sectors,” including the US government.
The announcement details how the attacker, codenamed UNC4841, sent emails containing malicious files to target organizations that would exploit CVE-2023-2868 in order to gain initial access to vulnerable Barracuda ESG appliances.
Chinese spies could be behind the Barracuda ESG attack
The CVE description details the vulnerability that affected versions 5.1.3.001-9.2.0.006:
“A remote attacker can specifically format [.tar] file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.”
According to the security workers, public and private sectors were targeted, with more than half (55%) being in the Americas. The remaining came in almost equal parts from the EMEA and APAC regions, with attacks showing a clear focus “on issues that are high policy priorities for the [People’s Republic of China].”
The BNSF-36456 patch was automatically applied to all appliances, however attacks could have been going on undetected from October 2022 until May 2023 - a period spanning more than seven months.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Mandiant, who was responsible for raising the concern, said in a statement that it “commends Barracuda for their decisive actions, transparency, and information sharing following the exploitation of CVE-2023-2868 by UNC4841.”
Nonetheless, the true identity of UNC4841 remains unconfirmed, with the group still at large and likely operating or developing other attacks and exploiting vulnerabilities elsewhere.
- Boost your security with the best endpoint protection software and best firewalls
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!