Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoors on a "limited number" of devices.
Tracked as CVE-2023-7102, the issue is an arbitrary code execution flaw that resides in Spreadsheet::ParseExcel, a third-party, open-source library used by the Amavis scanner within the gateway.
The company attributed the activity to a threat actor tracked by Google-owned Mandiant as UNC4841, which was previously linked to the active exploitation of another zero-day in Barracuda devices (CVE-2023-2868, CVSS score: 9.8) earlier this year.
Successful exploitation of the new flaw is accomplished by means of a specially crafted Microsoft Excel email attachment. This is followed by the deployment of new variants of known implants called SEASPY and SALTWATER, which provide persistence and command execution capabilities.
Barracuda said it released a security update that was "automatically applied" on December 21, 2023, and that no further customer action is required.
It further noted that a day later it "deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants." It did not disclose the scale of the compromise.
That said, the underlying flaw in the Spreadsheet::ParseExcel Perl module (version 0.65) remains unpatched and has been assigned the CVE identifier CVE-2023-7101, meaning downstream users of the module need to take appropriate remedial action of their own.
According to Mandiant, which has been investigating the campaign, a number of private and public sector organizations located in at least 16 countries are estimated to have been impacted since October 2022.
The latest development once again speaks to UNC4841's adaptability, leveraging new tactics and techniques to retain access to high-priority targets as existing avenues get closed.
Some parts of this article are sourced from:
thehackernews.com