Security News > 2023 > June > Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway appliances since October 2022.
"UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," Google-owned Mandiant said in a new report published today, describing the group as "Aggressive and skilled."
The flaw in question is CVE-2023-2868, which relates to a remote code injection affecting versions 5.1.3.001 through 9.2.0.006 that arises as a result of an incomplete validation of attachments contained within incoming emails.
Now according to the incident response and threat intelligence firm, which was appointed to probe the hack, UNC4841 is said to have sent emails to victim organizations containing malicious TAR file attachments that were designed to exploit the bug as early as October 10, 2022.
UNC4841 has all the hallmarks of a persistent actor, given its ability to swiftly alter its malware and employ additional persistence mechanisms as Barracuda initiated containment efforts after discovering the activity on May 19, 2023.
Data exfiltration entailed the capture of email related data in a subset of cases.
News URL
https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html
Related news
- Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. | 9.8 |