Hackers have been exploiting a zero-day vulnerability in a Barracuda Networks product over several months to target countless organizations with numerous pieces of malware, reports have claimed.
The company said it has patched a critical vulnerability tracked as CVE-2023-2868, which had been used by threat actors since October 2022. The email software in question is called Barracuda Email Security Gateway (ESG), with versions between 5.1.3.001 and 9.2.0.006 being vulnerable.
“Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take,” the company said in a security advisory. “Barracuda has also reached out to these specific customers. Additional customers may be identified in the course of the investigation.”
Three malware families
So far, Barracuda says it has spotted three malware families being distributed via the zero-day: Saltwater, Seaside, and Seaspy.
The former allows threat actors to download and upload files, and run commands, among other things. Seaside is a persistence backdoor, while the latter is used to receive a C2 IP address and port to establish a reverse shell.
To make sure your organization is safe, you should do the following:
- Update your ESG appliance, and make sure it is regularly patched
- Stop using the compromised ESG appliance
- Rotate ESG appliance credentials where possible, including any connected LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS certificates.
- The company also invites all clients who believe they may have been targeted, to reach out to support via [email protected].
Finally, organizations should review their network logs and look for possible indicators of compromise or unknown IP addresses.
According to the National Vulnerability Database, the flaw is a remote command injection vulnerability arising as the appliance fails to comprehensively sanitize the processing of .tar files (tape archives). In other words, formatting file names in a specific way allows the attackers to execute system commands.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba