
FBI: Who was going around hijacking Barracuda email boxes? China, probably
2023-08-25 00:17

The FBI has warned owners of Barracuda Email Security Gateway appliances that the devices are likely undergoing attack by snoops linked to China, and that removing the machines from service remains the safest course of action.

On Wednesday, the FBI pushed that recommendation in a flash alert [PDF] that stated it "strongly advises all affected ESG appliances be isolated and replaced immediately."

"Based on the FBI's investigation to date, the cyber actors exploited this vulnerability in a significant number of ESG appliances and injected multiple malicious payloads that enabled persistent access, email scanning, credential harvesting, and data exfiltration," the agents said.

On other occasions the attackers used the Barracuda boxes to send emails to other appliances to hop into other networks, the FBI explained.

The FBI's analysis also highlights the measures UNC4841 took to maintain access to victims' networks - either before Barracuda issued a patch, or before organizations had a chance to implement the fix, Mandiant senior incident response manager Austin Larsen told The Register.

Which is why the FBI has joined Barracuda in recommending the ESG appliances be either isolated or replaced.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/25/fbi_china_barracuda/

Related vendor

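| Vendor | #/Products | Low (last 12m) | Medium (last 12m) | High (last 12m) | Critical (last 12m) | Total vulns (last 12m) |
|---|---|---|---|---|---|---|
| Barracuda | 19 | 0 | 2 | 4 | 5 | 11 |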