Security News > 2023 > June > Chinese spies blamed for data-harvesting raids on Barracuda email gateways

Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway devices globally as far back as October 2022, according to Mandiant.

Mandiant, who has been working with Barracuda to investigate the exploit used and the malware subsequently deployed, today identified a China-based threat group it tracks as UNC4841, and said the snoops targeted a "Subset" of Barracuda ESG appliances across several regions and sectors.

In an emailed statement to The Register, Barracuda confirmed Mandiant's assessment of the threat actor behind the attacks, and said as of June 10, about five percent of ESG appliances have shown evidence of an infection.

"All three code families attempt to masquerade as legitimate Barracuda ESG modules or services, a trend that UNC4841 has continued with the newly identified malware families detailed for the first time in this blog post," Mandiant said.

The Mandiant and Barracuda disclosure today follows another case of Chinese spies exploiting a critical bug to steal data that came to light earlier this week.

Mandiant researchers told The Register that they are not aware of any overlap between the two China-based threat actors or the Barracuda and VMware exploits.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/15/chinese_spies_behind_barracuda_esg/