Suspected PRC Cyber Actors Continue to Globally Exploit Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868)

Other | 08/23/2023

As a part of the FBI investigation into the exploitation of CVE-2023-2868, a zero-day vulnerability in Barracuda Network’s Email Security Gateway (ESG) appliances, the FBI has independently verified that all exploited ESG appliances, even those with patches pushed out by Barracuda, remain at risk for continued computer network compromise from suspected PRC cyber actors exploiting this vulnerability. For more details regarding malware found to date related to this exploit and learn more about Barracuda backdoors, please visit CISA Releases Malware Analysis Reports on Barracuda Backdoors. The cyber actors utilized this vulnerability to insert malicious payloads onto the ESG appliance with a variety of capabilities that enabled persistent access, email scanning, credential harvesting, and data exfiltration. The FBI strongly advises all affected ESG appliances be isolated and replaced immediately, and all networks scanned for connections to the provided list of indicators of compromise immediately. https://go.fbinet.fbi/news/Pages/Bringing-Private-Sector-to-the-Fight-Against-Cyber-Adversaries.aspx

To read more, please log in