Barracuda says hacked ESG appliances must be replaced immediately


Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability.

“Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company warned in an update to the initial advisory issued on Tuesday.

“Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG.”

According to Barracuda, affected customers have already been notified through breached ESGs’ user interface. Customers who haven’t yet replaced their devices are urged to contact support urgently via email.

The warning comes after the critical Barracuda ESG remote command injection flaw tracked as CVE-2023-2868 was patched remotely on May 20, and the attackers’ access to the compromised appliances was cut off one day later by deploying a dedicated script.

On May 24, Barracuda warned customers that their ESG appliances might have been breached via the CVE-2023-2868 bug and advised them to investigate their environments for signs of intrusion.

A Barracuda spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for additional details on why a full ESG replacement is required.

Exploited since at least October 2022

Before being patched, the Barracuda ESG bug was exploited as a zero-day for at least seven months to backdoor customers’ ESG appliances with custom malware and steal data, as the company revealed one week ago.

It was first used in October 2022 to breach “a subset of ESG appliances” and install malware which provided the attackers with persistent access to the compromised devices.

They deployed Saltwater malware to backdoor the infected appliances and a malicious tool dubbed SeaSide to establish reverse shells for easy remote access via SMTP HELO/EHLO commands.
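A backdoor that receives commands through the SMTP HELO/EHLO greeting should leave traces in the mail transaction logs that an ordinary mail client never produces: RFC 5321 allows only a domain name or an address literal as the HELO/EHLO argument. The following script is an added example, not Barracuda's or Mandiant's code and not based on SeaSide's actual command encoding (which the article does not describe); it is a generic syntactic check that flags HELO/EHLO arguments which cannot be a hostname or address literal, and the log lines it scans are constructed for the example.

```python
import re
from typing import List, Tuple

# RFC 5321 section 4.1.1.1: the HELO/EHLO argument is a Domain or an address literal.
# A hostname label is 1-63 characters of letters, digits and hyphens, not starting
# or ending with a hyphen; the whole name is at most 255 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")
# Address literals look like [192.0.2.10] or [IPv6:2001:db8::1].
_ADDR_LITERAL_RE = re.compile(r"^\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]$")
# Find the verb and its argument anywhere in a log line (log formats vary).
_HELO_RE = re.compile(r"\b(HELO|EHLO)\s+(\S.*?)\s*$", re.IGNORECASE)


def classify_helo_arg(arg: str) -> str:
    """Return '' if arg is a syntactically valid HELO/EHLO argument, else a reason."""
    if len(arg) > 255:
        return "argument longer than 255 octets"
    if _ADDR_LITERAL_RE.match(arg):
        return ""
    if _DOMAIN_RE.match(arg):
        return ""
    # Characters such as '=', '+', '/' or ':' outside an address literal cannot
    # appear in a hostname; encoded data (base64 and the like) typically has them.
    return "not a domain or address literal (possible encoded payload)"


def anomalous_helo_lines(lines: List[str]) -> List[Tuple[int, str, str, str]]:
    """Scan SMTP transcript/log lines; return (line_no, verb, arg, reason) for bad greetings."""
    flagged = []
    for n, line in enumerate(lines, 1):
        m = _HELO_RE.search(line)
        if not m:
            continue  # not a HELO/EHLO line (MAIL FROM, RCPT TO, DATA, ...)
        verb, arg = m.group(1).upper(), m.group(2)
        reason = classify_helo_arg(arg)
        if reason:
            flagged.append((n, verb, arg, reason))
    return flagged


# Constructed sample log lines (not real Barracuda or attacker traffic).
LOG_LINES = [
    "2023-05-22T10:01:03Z 198.51.100.7 EHLO mail.example.org",
    "2023-05-22T10:01:09Z 198.51.100.8 HELO [192.0.2.10]",
    "2023-05-22T10:01:15Z 203.0.113.5 EHLO aGVsbG8gd29ybGQ=",      # base64-looking blob
    "2023-05-22T10:01:20Z 203.0.113.6 EHLO " + "x" * 70,            # label longer than 63
    "2023-05-22T10:01:31Z 198.51.100.9 MAIL FROM:<alice@example.org>",
]

if __name__ == "__main__":
    for line_no, verb, arg, reason in anomalous_helo_lines(LOG_LINES):
        print(f"line {line_no}: {verb} {arg[:40]!r}: {reason}")
```

On the constructed input the script flags lines 3 and 4 and passes the two legitimate greetings and the non-greeting line. A syntactic check like this produces false positives from broken mail clients, so treat a hit as a lead to pull the full transaction and the appliance's process activity around that timestamp, not as proof of compromise on its own.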

Subsequently, the threat actors took advantage of their access to steal information from the backdoored appliances.

CISA also added CVE-2023-2868 to its Known Exploited Vulnerabilities (KEV) catalog, warning federal agencies with ESG appliances to check their networks for evidence of breaches.

Barracuda says its products are used by over 200,000 organizations, including high-profile companies like Samsung, Delta Airlines, Mitsubishi, and Kraft Heinz.

