Security News > 2023 > August > US govt email servers hacked in Barracuda zero-day attacks
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway zero-day, with a focus on entities across the Americas.
Barracuda warned customers that the vulnerability was being exploited to breach ESG appliances on May 20, when it also patched all vulnerable devices remotely.
While Mandiant and Barracuda are yet to find evidence of new ESG appliances being compromised via CVE-2023-2868 exploits after they were patched, the FBI warned last week that the patches are "Ineffective," and that patched devices are still being compromised in ongoing attacks.
The U.S. federal law enforcement agency also reinforced Barracuda's warning to customers that they should isolate and replace hacked appliances as soon as possible, advised them to investigate their networks for potential breaches, and urged them to revoke and rotate enterprise-privileged credentials to thwart the attackers' attempts to maintain network persistence.
FBI warns of patched Barracuda ESG appliances still being hacked.
CISA: New Submarine malware found on hacked Barracuda ESG appliances.
News URL
Related news
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. | 9.8 |