Barracuda Zero-Day Attacks Target U.S. Government


  • A China-based hacking group called UNC4841 exploited a zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) to target U.S. government bodies.
  • The Federal Bureau of Investigation issued a flash alert claiming that several appliances remained at risk.

Barracuda Networks and Google’s Mandiant have revealed that a zero-day vulnerability in Barracuda’s email security gateway (ESG) was exploited extensively by a China-based hacking group called UNC4841. The group largely targeted government organizations in the U.S. and Canada.

The vulnerability, tracked as CVE-2023-2868, has reportedly been exploited since late 2022, although it became widely known only in May 2023. Barracuda released a patch soon after, but the fix was eventually deemed ineffective, forcing the company to advise affected organizations to discard vulnerable devices.

The zero-day vulnerability allows remote command injection on some Barracuda ESG devices, which account for approximately 5% of all installations, giving attackers remote code execution (RCE) with elevated privileges.

While Mandiant and Barracuda have claimed that there has been no exploitation of the vulnerability since the patch, the…
