1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Barracuda email cyberattack may have been used by hackers to spy

    From TechnologyDaily@1337:1/100 to All on Fri Jun 16 19:00:03 2023
    Barracuda email cyberattack may have been used by hackers to spy on US government

    Date:
    Fri, 16 Jun 2023 17:54:05 +0000

    Description:
    A Barracuda ESG vulnerability was exploited for up to seven months by a group believed to be Chinese-backed spies.

    FULL STORY ======================================================================

    Cybersecurity firm and Google Cloud subsidiary, Mandiant, has announced suspicions that Chinese-backed spies could have been behind the exploitation of a zero-day vulnerability in the Barracuda Email Security Gateway (ESG).

    Researchers have tracked attacks to a China-nexus actor who appears to have been conducting espionage spanning a multitude of regions and sectors, including the US government.

    The announcement details how the attacker, codenamed UNC4841, sent emails containing malicious files to target organizations that would exploit CVE-2023-2868 in order to gain initial access to vulnerable Barracuda ESG appliances. Chinese spies could be behind the Barracuda ESG attack

    The CVE description details the vulnerability that affected versions 5.1.3.001-9.2.0.006:

    A remote attacker can specifically format [.tar] file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. Read more

    The best malware removal



    FBI takes down Russian malware network used to attack NATO allies



    Chinese hackers have turned Google's ethical hacking tool into a genuine
    security threat

    According to the security workers, public and private sectors were targeted, with more than half (55%) being in the Americas. The remaining came in almost equal parts from the EMEA and APAC regions, with attacks showing a clear
    focus on issues that are high policy priorities for the [Peoples Republic of China].

    The BNSF-36456 patch was automatically applied to all appliances, however attacks could have been going on undetected from October 2022 until May 2023
    - a period spanning more than seven months.

    Mandiant, who was responsible for raising the concern, said in a statement that it commends Barracuda for their decisive actions, transparency, and information sharing following the exploitation of CVE-2023-2868 by UNC4841.

    Nonetheless, the true identity of UNC4841 remains unconfirmed, with the group still at large and likely operating or developing other attacks and
    exploiting vulnerabilities elsewhere. Boost your security with the best endpoint protection software and best firewalls



    ======================================================================
    Link to news story: https://www.techradar.com/news/barracuda-email-cyberattack-may-have-been-used- by-hackers-to-spy-on-us-government


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)