Barracuda has revealed that Chinese language risk actors exploited a brand new zero-day in its Electronic mail Safety Gateway (ESG) home equipment to deploy backdoors on a “restricted quantity” of units.
Tracked as CVE-2023-7102, the difficulty pertains to a case of arbitrary code execution that resides inside a third-party and open-source library Spreadsheet::ParseExcel that is utilized by the Amavis scanner throughout the gateway.
The corporate attributed the exercise to a risk actor tracked by Google-owned Mandiant as UNC4841, which was beforehand linked to the energetic exploitation of one other zero-day in Barracuda units (CVE-2023-2868, CVSS rating: 9.8) earlier this 12 months.
Profitable exploitation of the brand new flaw is achieved via a specifically crafted Microsoft Excel e-mail attachment. That is adopted by the deployment of recent variants of identified implants referred to as SEASPY and SALTWATER which are geared up to supply persistence and command execution capabilities.
Barracuda mentioned it launched a safety replace that has been “routinely utilized” on December 21, 2023, and that no additional buyer motion is required.
It additional identified that it “deployed a patch to remediate compromised ESG home equipment which exhibited indicators of compromise associated to the newly recognized malware variants” a day later. It didn’t disclose the size of the compromise.
That mentioned, the unique flaw within the Spreadsheet::ParseExcel Perl module (model 0.65) stays unpatched and has been assigned the CVE identifier CVE-2023-7101, necessitating that downstream customers take acceptable remedial motion.
Based on Mandiant, which has been investigating the marketing campaign, various non-public and public sector organizations situated in a minimum of 16 nations are estimated to have been impacted since October 2022.
The newest growth as soon as once more speaks to UNC4841’s adaptability, leveraging new ways and methods to retain entry to excessive precedence targets as current loopholes get closed.
