Security News > 2023 > August > Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign.
What's more, FOXTROT shares overlaps with an open-source rootkit called Reptile, which has been extensively used by multiple Chinese hacking crews in recent months.
"FOXTROT and FOXGLOVE are also notable in that they are the only malware families observed being used by UNC4841 that were not specifically designed for Barracuda ESGs," Mandiant pointed out.
Another aspect that makes FOXGLOVE and FOXTROT stand out is the fact that they have been the most selectively deployed among all malware families used by UNC4841, exclusively using it to target government or government-related organizations.
UNC4841's Chinese connections are further bolstered by the infrastructure commonalities between the group and another uncategorized cluster codenamed UNC2286, which, in turn, shares overlaps with other Chinese espionage campaigns tracked as FamousSparrow and GhostEmperor.
"Shared infrastructure and techniques for anonymization are common amongst Chinese cyber espionage actors, as is shared tooling and likely malware development resources. It is likely that we will continue to observe Chinese cyber espionage operations targeting edge infrastructure with zero-day vulnerabilities and the deployment of malware customized to specific appliance ecosystems."
News URL
https://thehackernews.com/2023/08/chinese-hacking-group-exploits.html
Related news
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Chinese military-linked companies dominate US digital supply chain (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)