
FBI Warns of Potential Compromise of Barracuda ESG Appliances from Chinese Hacking Groups




In an ongoing development that has the cybersecurity community on edge, the U.S. Federal Bureau of Investigation (FBI) has issued a notification stating that, despite recent patches, Barracuda Networks Email Security Gateway (ESG) appliances remain critically susceptible to exploitation. The warning follows observed attacks attributed to suspected Chinese adversaries; the FBI considers the existing fix inadequate, meaning appliances already compromised in these attacks remain exposed.


The vulnerability is tracked as CVE-2023-2868 and carries a CVSS score of 9.8, placing it in the critical severity range. Cyber espionage actors reportedly began exploiting it in October 2022, meaning it was in active use for more than half a year before the (subsequently deemed defective) security patch was issued.


Google's cybersecurity subsidiary, Mandiant, tracks this China-linked espionage activity as UNC4841. The flaw in Barracuda's ESG products is a command injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006, which allows unauthorized execution of system commands with administrative privileges.
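The affected range quoted above is the one concrete indicator a defender can check against an appliance inventory. The following is an added example (not Barracuda's or the FBI's tooling) that flags ESG version strings inside that range; it assumes versions are recorded in the four-component dotted form used in the advisory, and the hostnames and versions in the sample inventory are constructed. Note that "affected" here means the appliance ran a vulnerable build at some point, which under the FBI guidance warrants isolation and replacement even if it has since been patched.

```python
from typing import Tuple

# Affected range quoted in the advisory: 5.1.3.001 through 9.2.0.006 inclusive.
AFFECTED_MIN = "5.1.3.001"
AFFECTED_MAX = "9.2.0.006"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted ESG version such as '9.2.0.006' into (9, 2, 0, 6).

    Components are converted to integers so that zero-padding ('006') and
    differing widths ('10' vs '2') compare numerically rather than as text.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected ESG version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected_version(version: str) -> bool:
    """True if the version lies within the inclusive affected range."""
    return parse_version(AFFECTED_MIN) <= parse_version(version) <= parse_version(AFFECTED_MAX)


def triage_inventory(inventory: dict) -> dict:
    """Map appliance name -> verdict for a {name: version} inventory.

    'affected' means the appliance ran a build in the vulnerable range;
    'unknown' marks entries whose version string could not be parsed and
    therefore need manual follow-up rather than being silently skipped.
    """
    verdicts = {}
    for name, version in inventory.items():
        try:
            verdicts[name] = "affected" if is_affected_version(version) else "not in range"
        except ValueError:
            verdicts[name] = "unknown"
    return verdicts


# Constructed sample inventory (hypothetical hostnames and versions, not real data).
SAMPLE_INVENTORY = {
    "esg-hq-01": "9.2.0.006",   # upper bound of the range: affected
    "esg-hq-02": "9.2.0.007",   # one build past the range: not in range
    "esg-dc-01": "5.1.2.999",   # just below the lower bound: not in range
    "esg-dc-02": "9.10.0.001",  # text comparison would wrongly place this inside the range
    "esg-lab-01": "n/a",        # unparseable entry: reported as unknown
}

if __name__ == "__main__":
    for name, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {verdict}")
```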


Exploitation has been followed by the deployment of multiple malware families, including SALTWATER, SEASIDE, SEASPY, SANDBAR, SEASPRAY, SKIPJACK, WHIRLPOOL, and SUBMARINE (also known as DEPTHCHARGE). These are designed to execute arbitrary commands while evading detection. Using them in combination, intruders can gain persistent access, scan emails, harvest credentials, and exfiltrate data at will.


Mandiant's analysts describe UNC4841 as aggressive in approach and skilled in execution. The cluster's ability to adapt quickly, extend its custom toolset with additional persistence mechanisms, and breach high-priority targets shows a concerning level of sophistication.


Following these developments, the FBI has recommended immediate isolation and replacement of all affected ESG devices. It has also advised organizations to watch for any suspicious outbound network traffic from these appliances. Reacting to the issue, Barracuda Networks provided a statement reiterating its consistent guidance to customers: if there are indications of compromise, whether through a user interface notification or contact from a Barracuda Technical Support Representative, the customer should immediately reach out for a replacement. The company has committed to providing the replacement product free of charge.


While only a portion of deployed ESG appliances are affected by this campaign, Barracuda urges all its users to be vigilant and proactive in managing their cybersecurity.


Darksteel Technologies is an Orlando-based business that can handle all aspects of your IT security, providing compliance, training, malware protection, cloud security, DevSecOps, vulnerability management, penetration testing, architecture design, and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.

