Barracuda has revealed that Chinese language menace actors exploited a brand new zero-day in its Electronic mail Safety Gateway (ESG) home equipment to deploy backdoor on a “restricted quantity” of gadgets.
Tracked as CVE-2023-7102, the difficulty pertains to a case of arbitrary code execution that resides inside a third-party and open-source library Spreadsheet::ParseExcel that is utilized by the Amavis scanner throughout the gateway.
The corporate attributed the exercise to a menace actor tracked by Google-owned Mandiant as UNC4841, which was beforehand linked to the energetic exploitation of one other zero-day in Barracuda gadgets (CVE-2023-2868, CVSS rating: 9.8) earlier this yr.
Profitable exploitation of the brand new flaw is completed by way of a specifically crafted Microsoft Excel electronic mail attachment. That is adopted by the deployment of recent variants of recognized implants known as SEASPY and SALTWATER which are outfitted to supply persistence and command execution capabilities.
Barracuda mentioned it launched a security replace that has been “routinely utilized” on December 21, 2023, and that no additional buyer motion is required.
It additional identified that it “deployed a patch to remediate compromised ESG home equipment which exhibited indicators of compromise associated to the newly recognized malware variants” a day later. It didn’t disclose the size of the compromise.
That mentioned, the unique flaw within the Spreadsheet::ParseExcel Perl module (model 0.65) stays unpatched and has been assigned the CVE identifier CVE-2023-7101, necessitating that downstream customers take applicable remedial motion.
In accordance with Mandiant, which has been investigating the marketing campaign, plenty of personal and public sector organizations situated in a minimum of 16 nations are estimated to have been impacted since October 2022.
The newest improvement as soon as once more speaks to UNC4841’s adaptability, leveraging new ways and strategies to retain entry to excessive precedence targets as current loopholes get closed.
