The US Cybersecurity and Infrastructure Security Agency (CISA) has released analysis reports on three malware families used in an attack that exploited a recent remote command injection vulnerability in Barracuda Email Security Gateway (ESG).
The vulnerability, identified as CVE-2023-2868, affected appliance versions 5.1.3.001 to 9.2.0.006 and was exploited as a zero-day at least as early as October 2022. In late May 2023, Barracuda released fixes for the bug.
UNC4841, a Chinese state-sponsored cyberespionage group, executed a reverse shell on a victim network and then downloaded custom backdoors for persistence. The identified malware families include the custom backdoors SeaSpy, SaltWater, and SeaSide.