National Cyber Warfare Foundation (NCWF) Forums


Chinese Hackers Exploit New Zero-Day in Barracuda s ESG to Deploy Backdoor


0 user ratings
2023-12-28 15:15:07
milo
Red Team (CNA)

 - archive -- 

Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841. Additionally, the vulnerability targeted only a limited number of ESG devices.  However, Barracuda has deployed a security update to all the active ESGs to address this vulnerability, and has been […]


The post Chinese Hackers Exploit New Zero-Day in Barracuda’s ESG to Deploy Backdoor appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841.





Additionally, the vulnerability targeted only a limited number of ESG devices. 





However, Barracuda has deployed a security update to all the active ESGs to address this vulnerability, and has been automatically applied to all the devices, which does not require any action from the user.





The new vulnerability has been assigned to CVE-2023-7102, and the severity is yet to be categorized.





Chinese Hackers Exploit New Zero-Day





This vulnerability exists due to using a third-party library, “Spreadsheet::ParseExcel,” in the Barracuda ESG appliances.





This open-source third-party library is vulnerable to arbitrary code execution that can be exploited by sending a specially crafted Excel email attachment to the affected device.





The Chinese Nexus threat actors have been using this vulnerability to deploy new variants of SEASPY and SALTWATER malware to the affected devices.





However, Barracuda has patched these vulnerabilities accordingly. Moreover, Barracuda stated, “Barracuda has filed CVE-2023-7102 about Barracuda’s use of Spreadsheet::ParseExcel which has been patched”.





Another vulnerability, CVE-2023-7101, affected the same spreadsheet: ParseExcel, and no patches or updates were available.





Nevertheless, both of these vulnerabilities were associated with a previously discovered vulnerability, CVE-2023-2868, that was exploited by the same threat group in May and June 2023.





Furthermore, a complete report about these vulnerabilities, along with additional information, has been published, which provides detailed information about this vulnerability and the previously discovered vulnerabilities.





Indicators of Compromise





MalwareMD5 HashSHA256File Name(s)File Type
CVE-2023-7102 XLS Document2b172fe3329260611a9022e71acdebca803cb5a7de1fe0067a9eeb220dfc24ca56f3f571a986180e146b6cf387855bddads2.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acddon.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acdpersonalbudget.xlsxls
SEASPY7b83e4bd880bb9d7904e8f553c2736e3118fad9e1f03b8b1abe00529c61dc3edf da043b787c9084180d83535b4d177b7wifi-servicex-executable
SALTWATERd493aab1319f10c633f6d223da232a2734494ecb02a1cccadda1c7693c45666e1 fe3928cc83576f8f07380801b07d8bamod_tll.sox-sharedlib




Network IOCs





IP AddressASNLocation
23.224.99.24240065US
23.224.99.24340065US
23.224.99.24440065US
23.224.99.24540065US
23.224.99.24640065US
23.225.35.23440065US
23.225.35.23540065US
23.225.35.23640065US
23.225.35.23740065US
23.225.35.23840065US
107.148.41.146398823US

The post Chinese Hackers Exploit New Zero-Day in Barracuda’s ESG to Deploy Backdoor appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/barracuda-esg-zero-day/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.