Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Barracuda fixes new ESG zero-day exploited by Chinese hackers

Red padlock open on electric circuits network dark red background.

Cybersecurity experts from Barracuda recently discovered and patched a high-severity vulnerability in some of its email security gateway (ESG) devices.

The flaw, tracked as CVE-2023-7102, is an Arbitrary Code Execution (ACE) vulnerability found inside a third-party library called Spreadsheet::ParseExcel. This library is used by the Amavis virus scanner, within the ESG appliance, the experts said. By crafting a custom Excel attachment, the attackers would able to exploit the flaw and run pretty much any code on the vulnerable device, unabated.

Together with Mandiant, Barracuda’s researchers concluded that the flaw was being leveraged by a Chinese threat actor tracked as UNC4841. This group has been using the ACE flaw to drop new variants of SEASPY and SALTWATER malware.

Open source in danger

“On December 22, 2023, Barracuda deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants,” the company said in an announcement. No action from the user’s side is required, Barracuda concluded, adding that its investigation into the matter is ongoing. 

While Barracuda did address the issue within its own ecosystem, the open-source library remains vulnerable, the company stressed. “For organizations utilizing Spreadsheet::ParseExcel in their own products or services, we recommend reviewing CVE-2023-7101 and promptly taking necessary remediation measures,” it concluded.

This is not the first time Barracuda’s ESG appliances were targeted by UNC4841, BleepingComputer reminds. In May, the group used another zero-day vulnerability, CVE-2023-2868, as part of its cyber-espionage campaign. At the time, the company said the hackers were abusing the flaw for more than half a year, and were deploying previously unknown malware. Roughly a third of all targeted endpoints belonged to government agencies, Mandiant confirmed.

Barracuda claims to be servicing more than 200,000 organizations all over the world, including major brands such as Samsung, Mitsubishi, or Delta Airlines.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.