
Unidentified Hacker Capitalizes on Barracuda Zero-day Vulnerability for a 7-month Period Undetected

A vulnerability discovered in the security vendor's email security gateway appliances potentially jeopardized the system security of numerous customers.

Unidentified attackers successfully exploited a previously unknown Barracuda vulnerability for a period of approximately 7 months prior to its discovery.


In a recent development, cybersecurity firm Barracuda has identified a zero-day vulnerability (CVE-2023-2868) in a subset of its email security gateway (ESG) appliances. The vulnerability allowed persistent backdoor access, potentially leading to compromise and data exfiltration.

The vulnerability was first disclosed by Barracuda last week, and patches were issued on May 20 and May 21. However, the exact number of customers potentially affected remains unknown, as Barracuda did not respond to questions about the number of users of its email security gateway appliances.

The email security gateway appliances have been used by organisations targeted by Chinese-linked cyber espionage groups such as Salt Typhoon and UNC4841. These groups have been exploiting the critical zero-day vulnerability in these appliances since 2019, with data exfiltration activities reported to continue through 2024.

It is worth noting that Barracuda had over 200,000 customers when it was acquired by KKR in April 2022. Fortunately, no other Barracuda products are impacted by the vulnerability, according to the company.

Barracuda has notified customers whose ESG devices were impacted, and its latest update includes the known indicators of compromise. Barracuda hired Mandiant to assist with the investigation following the alert.

The first known active exploitation of CVE-2023-2868 occurred in October. Barracuda was alerted to anomalous traffic on an ESG device on May 18, and the vulnerability was identified on May 19. The vulnerability is reported to have been actively exploited for up to seven months before it was discovered.

Barracuda is currently deploying a further series of security patches to all its appliances to address the issue and prevent further breaches. The company emphasizes the importance of applying these patches as soon as possible to protect its customers' data.
