Security News > 2023 > August > US govt email servers hacked in Barracuda zero-day attacks
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway zero-day, with a focus on entities across the Americas.
Barracuda warned customers that the vulnerability was being exploited to breach ESG appliances on May 20, when it also patched all vulnerable devices remotely.
While Mandiant and Barracuda are yet to find evidence of new ESG appliances being compromised via CVE-2023-2868 exploits after they were patched, the FBI warned last week that the patches are "Ineffective," and that patched devices are still being compromised in ongoing attacks.
The U.S. federal law enforcement agency also reinforced Barracuda's warning to customers that they should isolate and replace hacked appliances as soon as possible, advised them to investigate their networks for potential breaches, and urged them to revoke and rotate enterprise-privileged credentials to thwart the attackers' attempts to maintain network persistence.
FBI warns of patched Barracuda ESG appliances still being hacked.
CISA: New Submarine malware found on hacked Barracuda ESG appliances.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- International Monetary Fund email accounts hacked in cyberattack (source)
- Spa Grand Prix email account hacked to phish banking info from fans (source)
- US organizations targeted with emails delivering NetSupport RAT (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. | 9.8 |