Barracuda Networks Inc. has patched a vulnerability in its Email Security Gateway appliances that was found to be being exploited by an alleged Chinese hacking group.

Tracked as CVE-2023-7102, the vulnerability is an arbitrary code execution vulnerability in a third-party library, Spreadsheet::ParseExcel. An arbitrary code execution vulnerability is a security flaw that allows an attacker to execute any command or code of their choice on a target system or software application.

The detected threat actor exploiting the vulnerability was found to be deploying a specially crafted Excel email attachment targeting a limited number of ESG devices. Upon gaining access, the threat actor was then observed deploying new Seaspy and Saltware malware strains on a number of ESG devices.

Barracuda deployed a security update to all active ESGs to address the vulnerability on Dec. 21, with the update being automatically applied, requiring no action by customers.

In conjunction with Google LLC’s cybersecurity company Mandiant, Barracuda subsequently attributed the group behind the attacks as the threat actor tracked as UNC4841. The same threat actor was also behind similar attacks targeting Barracuda ESGs earlier this year.

The earlier attack on Barracuda ESGs was detected in May. A subsequent analysis from Mandiant found “points of overlap with infrastructure” used by other China-linked hacking groups. “Mandiant assesses with high confidence that UNC4841 conducted espionage activity in support of the People’s Republic of China,” the researchers wrote at the time.

Although there are no details on which Barracuda customers were targeted in the latest attack, UNC4841 was previously determined to focus primarily on espionage. Previous targets for the group included companies and organizations in the military, defense, aerospace, high-tech and telecommunications sectors.

“Espionage continues to be a significant focus for many threat actors, especially those that are nation-state sanctioned,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE in August.

In addition to filing CVE-2023-7102 in relation to the Spreadsheet::ParseExcel vulnerability, which has been patched, Barracuda also filed a second vulnerability, CVE-2023-7101. The second vulnerability has no known patch or update available within the open-source library.

Barracuda is recommending that organizations that use Spreadsheet::ParseExcel in their own products or services review CVE-2023-7101 and promptly take necessary remediation measures.

Photo: Barracuda Networks