Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
2023-06-15 14:56

A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway appliances since October 2022.

"UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," Google-owned Mandiant said in a new report published today, describing the group as "aggressive and skilled."

The flaw in question is CVE-2023-2868, a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006 that arises from incomplete validation of attachments contained within incoming emails.

According to the incident response and threat intelligence firm, which was appointed to probe the hack, UNC4841 is said to have sent emails to victim organizations containing malicious TAR file attachments that were designed to exploit the bug as early as October 10, 2022.

UNC4841 has all the hallmarks of a persistent actor, given its ability to swiftly alter its malware and employ additional persistence mechanisms as Barracuda initiated containment efforts after discovering the activity on May 19, 2023.

Data exfiltration entailed the capture of email-related data in a subset of cases.


News URL

https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products | critical, 9.8

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006.
network, low complexity, barracuda, CWE-77

Related vendor

LAST 12M
VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Barracuda | 21 | 0 | 4 | 6 | 3 | 13