Monday, April 15, 2024

Fixed 0day vulnerability in Barracuda system used for 7 months to steal data


During the hack, 3 strains of malware were used to exfiltrate files.

Information security company Barracuda Networks reported that a recently patched zero-day vulnerability in the Email Security Gateway (ESG) has been used by attackers to compromise devices since October 2022.

According to Barracuda, the critical vulnerability CVE-2023-2868 (CVSS: 9.4) was actively exploited for at least 7 months before its discovery to gain unauthorized access to a subset of ESG appliances and steal data from them.

The vulnerability, discovered by Barracuda on May 19, 2023, affects versions 5.1.3.001 through 9.2.0.006 and could allow a remote attacker to execute code on vulnerable devices. Barracuda released fixes on May 20 and 21.

To date, 3 different strains of malware have been identified that have been used in attacks:

  • SALTWATER is a trojanized module for the Barracuda SMTP daemon (bsmtpd) designed to upload and download arbitrary files, execute commands, and act as a proxy that tunnels malicious traffic so that it goes undetected;
  • SEASPY is an x64 ELF backdoor that provides persistence and is activated by a magic packet;
  • SEASIDE is a module that establishes reverse shells using HELO/EHLO SMTP commands received from the C2 server.
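As an added defender-side example (not code from the article, Barracuda or Mandiant), the check below scans SMTP session logs for HELO/EHLO commands whose argument is not a well-formed identity, since SEASIDE abuses that command to receive C2 parameters. The exact form of SEASIDE's HELO/EHLO payload is not given here, so the heuristic flags any argument that is not an RFC 5321 domain or address literal; the log format and all addresses are constructed.

```python
import re

# Constructed sample log lines in an assumed "<timestamp> <client ip> <verb> <argument>" format;
# this is not a real Barracuda bsmtpd log format. Addresses are documentation ranges.
SAMPLE_LOG = """\
2023-05-19T10:01:02Z 203.0.113.7 EHLO mail.example.org
2023-05-19T10:01:05Z 198.51.100.9 HELO [198.51.100.9]
2023-05-19T10:02:11Z 192.0.2.44 EHLO 192.0.2.44:4444
2023-05-19T10:02:30Z 192.0.2.45 HELO 192.0.2.45;4444
2023-05-19T10:03:00Z 203.0.113.8 MAIL FROM:<a@example.org>
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<verb>HELO|EHLO)\s+(?P<arg>.*)$", re.I)

# RFC 5321: the HELO/EHLO argument is a domain (labels of letters, digits, hyphens)
# or an address literal such as [192.0.2.1] or [IPv6:2001:db8::1].
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")
ADDR_LITERAL_RE = re.compile(r"^\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]$")


def helo_arg_is_wellformed(arg: str) -> bool:
    """True if the HELO/EHLO parameter is a syntactically valid domain or address literal.
    A bare IPv4 address (all-numeric labels) is tolerated, as many legitimate clients send one."""
    arg = arg.strip()
    return bool(DOMAIN_RE.match(arg) or ADDR_LITERAL_RE.match(arg))


def find_suspicious_helo(log_text: str) -> list[dict]:
    """Return one record per HELO/EHLO whose argument is not a well-formed identity,
    e.g. one that smuggles extra fields such as a port separated by ':' or ';'."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a HELO/EHLO line
        if not helo_arg_is_wellformed(m["arg"]):
            hits.append({"ts": m["ts"], "src": m["src"], "verb": m["verb"].upper(), "arg": m["arg"]})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_helo(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} {hit['verb']} {hit['arg']!r}: malformed HELO/EHLO argument")
```

Hits should be triaged against the sending host's normal behaviour, since broken but benign mail clients also send malformed HELO arguments.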

According to Mandiant, which is investigating the incident, source code overlap was found between SEASPY and an open source backdoor called cd00r. The attacks have not been attributed to any hacker group.



Source: www.securitylab.ru
