UPDATED 19:19 EST / DECEMBER 28 2023


Barracuda patches Email Security Gateway vulnerability targeted by hackers

Barracuda Networks Inc. has patched a vulnerability in its Email Security Gateway appliances that was found to be under active exploitation by an alleged Chinese hacking group.

Tracked as CVE-2023-7102, the vulnerability is an arbitrary code execution vulnerability in a third-party library, Spreadsheet::ParseExcel. An arbitrary code execution vulnerability is a security flaw that allows an attacker to execute any command or code of their choice on a target system or software application.

The threat actor exploiting the vulnerability was found to be sending a specially crafted Excel email attachment to a limited number of ESG devices. Upon gaining access, the threat actor was then observed deploying new variants of the Seaspy and Saltwater malware on a number of ESG devices.

Barracuda deployed a security update to all active ESGs on Dec. 21 to address the vulnerability. The update was applied automatically and required no action by customers.

In conjunction with Google LLC’s cybersecurity company Mandiant, Barracuda subsequently attributed the attacks to the threat actor tracked as UNC4841. The same threat actor was also behind similar attacks targeting Barracuda ESGs earlier this year.

The earlier attack on Barracuda ESGs was detected in May. A subsequent analysis from Mandiant found “points of overlap with infrastructure” used by other China-linked hacking groups. “Mandiant assesses with high confidence that UNC4841 conducted espionage activity in support of the People’s Republic of China,” the researchers wrote at the time.

Although there are no details on which Barracuda customers were targeted in the latest attack, UNC4841 was previously determined to focus primarily on espionage. Previous targets for the group included companies and organizations in the military, defense, aerospace, high-tech and telecommunications sectors.

“Espionage continues to be a significant focus for many threat actors, especially those that are nation-state sanctioned,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE in August.

In addition to filing CVE-2023-7102 for the Spreadsheet::ParseExcel vulnerability, which has been patched, Barracuda also filed a second CVE, CVE-2023-7101. The second vulnerability has no known patch or update available within the open-source library.

Barracuda is recommending that organizations that use Spreadsheet::ParseExcel in their own products or services review CVE-2023-7101 and promptly take necessary remediation measures.

Photo: Barracuda Networks
