Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks
Nearly a third of the organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateway (ESG) appliances were government units, according to Mandiant.
Mandiant continues to recommend people dump and replace their at-risk Barracuda equipment.
In a deep dive published this week, Mandiant said that even after Barracuda patched the vulnerability, the spies showed "sophistication and adaptability in response to remediation efforts," and likely created their post-intrusion software tools in advance for use against high-value target organizations' networks.
"Specifically, UNC4841 deployed new and novel malware designed to maintain presence at a small subset of high priority targets that it compromised either before the patch was released, or shortly following Barracuda's remediation guidance," Mandiant's latest research concluded.
Of the three backdoors deployed in this second surge, Skipjack was the most widely used and Mandiant observed it on about 5.8 percent of all compromised ESG appliances.
The second backdoor, which Mandiant named Depthcharge and CISA tracks as Submarine, was designed to infect new, clean devices when the victim orgs restored backup configurations from their previously compromised appliances.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/08/30/mandiant_barracuda_esg_bug/
Related news
- US sanctions Chinese firm for hacking firewalls in ransomware attacks
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack