Barracuda zero-day abused since 2022 to drop new malware, steal data
Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway appliances with custom malware and steal data.
The company says an ongoing investigation found that the bug was first exploited in October 2022 to gain access to "a subset of ESG appliances" and deploy backdoors designed to provide the attackers with persistent access to the compromised systems.
The security flaw was identified on May 19, one day after the company was alerted to suspicious traffic from ESG appliances and hired cybersecurity firm Mandiant to help with the investigation.
The company addressed the issue on May 20 by applying a security patch to all ESG appliances and blocked the attackers' access to the compromised devices one day later by deploying a dedicated script.
"Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers."
Customers are advised to check if their ESG appliances are up to date, stop using breached appliances and request a new virtual or hardware appliance, rotate all credentials linked to hacked appliances, and check their network logs for IOCs shared today and for connections from unknown IPs.