Security News > 2023 > August > FBI warns of patched Barracuda ESG appliances still being hacked
The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and that patched appliances are still being compromised in ongoing attacks.
Barracuda patched all appliances remotely and blocked the attackers' access to the breached devices on May 20, one day after the bug was identified. Even so, on June 7 it warned all customers that they must replace all impacted appliances immediately, likely because it couldn't ensure the complete removal of malware deployed in the attacks.
Mandiant later linked the data-theft campaign targeting Barracuda ESG appliances using CVE-2023-2868 exploits to the UNC4841 threat group, described as a suspected pro-China hacking group.
The FBI has now reinforced Barracuda's warning to customers that they should isolate and replace hacked appliances urgently, saying that the Chinese hackers are still actively exploiting the vulnerability and that even patched devices are at risk of compromise because of "ineffective" patches.
"The patches released by Barracuda in response to this CVE were ineffective. The FBI continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit."
CISA: New Submarine malware found on hacked Barracuda ESG appliances.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products: a remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. | 9.8 |