Thursday, October 10, 2024
HomeCyber Security NewsHackers Continue to Exploit Barracuda ESG Zero-Day Flaw: FBI Flash Alert

Hackers Continue to Exploit Barracuda ESG Zero-Day Flaw: FBI Flash Alert

Published on

The recent discovery of a zero-day vulnerability (CVE-2023-2868) in Barracuda Networks Email Security Gateway (ESG) appliances has brought significant concern. 

CVE-2023-2868 is a remote command injection vulnerability that grants unauthorized execution of system commands with administrator privileges on Barracuda ESG appliances. 

Notably, this vulnerability affects ESG versions 5.1.3.001-9.2.0.006 in the appliance form factor. The vulnerability is exploited during the email attachment screening process. 

- Advertisement - EHA

Cyber actors can format TAR file attachments in a specific manner and send them to an email address linked to a domain with an ESG appliance. 

This malicious attachment triggers a command injection, allowing the execution of commands within the ESG with its privileges. More details about Barracuda’s zero-day vulnerability can be found here.

Exploitation by Suspected PRC Cyber Actors

Evidence of the exploitation of Barracuda ESG appliances emerged in October 2022. 

Suspected PRC cyber actors utilized emails with malicious attachments to target victims. 

Initially, attachments had “.tar” extensions, later evolving to different formats like “.jpg” or “.dat.” 

Upon scanning, these files initiated a connection to a domain/IP controlled by the actors, establishing a reverse shell and enabling further commands on the ESG device. 

Following the compromise, actors injected various malicious payloads to gain persistent access, scan emails, harvest credentials, and exfiltrate data.

The vulnerability’s exploitation involves formatting malicious attachments to trigger command injection. 

Exploited ESG appliances remain at risk even after patches have been applied. The FBI urges immediate isolation and replacement of affected ESG appliances. 

The attackers’ advanced techniques include counter-forensics, making detection challenging. 

Networks must be scanned for connections to provide indicators of compromise.

The FBI released a list that includes domains and IP addresses utilized by the attackers for malicious activities through an investigation.

The cyber division of the FBI also published recommended Barracuda mitigations for this exploitation.

  • Remove all ESG appliances immediately.
  • Conduct scans for outgoing connections using provided indicators.
  • Investigate and revoke compromised credentials.
  • Revoke and reissue certificates present during the compromise.
  • Monitor the entire network for signs of data exfiltration and lateral movement.
  • Capture forensic images and conduct a thorough analysis.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...