Security News > 2023 > August > US govt email servers hacked in Barracuda zero-day attacks
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway zero-day, with a focus on entities across the Americas.
Barracuda warned customers that the vulnerability was being exploited to breach ESG appliances on May 20, when it also patched all vulnerable devices remotely.
While Mandiant and Barracuda are yet to find evidence of new ESG appliances being compromised via CVE-2023-2868 exploits after they were patched, the FBI warned last week that the patches are "Ineffective," and that patched devices are still being compromised in ongoing attacks.
The U.S. federal law enforcement agency also reinforced Barracuda's warning to customers that they should isolate and replace hacked appliances as soon as possible, advised them to investigate their networks for potential breaches, and urged them to revoke and rotate enterprise-privileged credentials to thwart the attackers' attempts to maintain network persistence.
FBI warns of patched Barracuda ESG appliances still being hacked.
CISA: New Submarine malware found on hacked Barracuda ESG appliances.
News URL
Related news
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. | 9.8 |