web analytics

US FBI Urges Action on Barracuda ESG Hacking – Source: www.databreachtoday.com

us-fbi-urges-action-on-barracuda-esg-hacking-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Governance & Risk Management

Chinese Hackers Adapt to Countermeaures

David Perera (@daveperera) •
August 23, 2023    

US FBI Urges Action on Barracuda ESG Hacking
The entrance sign at Barracuda Networks headquarters in Campbell, Calif. (Image: Shutterstock)

The U.S. FBI urged the removal of email security appliances made by Barracuda Networks in a Wednesday flash alert, injecting fresh urgency in a push to stymie what’s been called the broadest Chinese cyber spying campaign in years.

See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense

The bureau says it determined that patches from Barracuda fixing a zero day vulnerability exploited by suspected Beijing hackers are ineffective.

“The FBI continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit,” the bureau’s cyber division states. The vulnerability is tracked as CVE-2023-2868.

“Barracuda customers should remove all ESG appliances immediately,” the warning also says.

Barracuda in early June urged owners of hacked Email Security Gateway appliances to immediately replace their equipment regardless of whether they had applied patches to fix the vulnerability. The advisory came after the company observed continued malicious activity on previously-compromised appliances, even after the application of patches.

A Barracuda spokesperson Wednesday evening told Information Security Media Group the company believes the FBI warning is consistent with its earlier guidance that only owners of previously hacked devices should replace their appliances. ISMG contacted the FBI for clarification.

Suspected Chinese hackers in a state-run cyberespionage operation compromised hundreds of organizations through the vulnerability in the popular email security appliance. Security researchers from Mandiant determined in June that attackers began exploiting the zero day in October, and possibly earlier. “This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in a June statement (see: Chinese Hackers Exploit Barracuda ESG Zero-Day).

Barracuda issued its first security patch for on May 20 after detecting the hackers on May 19. The vulnerability allowed hackers to send a malicious TAR archive file resulting in a command injection into the appliance. The attack was triggered when the security appliance scanned the attachment.

Mandiant, brought in by Barracuda to investigate, linked the hack to Beijing with “high confidence” and attributed the campaign to a previously unknown Chinese threat actor newly dubbed UNC4841. The threat actor “has been deploying new and novel malware to a small subset of high-priority targets following the remediation of CVE-2023-2868,” said Kevin Mandia, CEO of Mandiant, in an emailed Wednesday statement.

Hackers responded to Barracuda’s patch by modifying its primary backdoor to evade detection. Dubbed Submarine, the updated backdoor “lives in a Structured Query Language (SQL) database on the ESG appliance,” the Cybersecurity and Infrastructure Security Agency said in an Aug. 18 advisory.

“This actor continues to show sophistication and adaptability through deep preparedness and custom tooling, enabling its global espionage operations to span across public and private sectors worldwide,” Mandia added.

Original Post url: https://www.databreachtoday.com/us-fbi-urges-action-on-barracuda-esg-hacking-a-22918

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource...
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An...
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL...
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats...
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations...
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web...
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web...
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY...
SOC SIEM Use Cases
SOC SIEM Use Cases
safecode
Six Pillars of DevSecOps- Collaboration and Integration
Six Pillars of DevSecOps- Collaboration...
SentineOne
WatchTower I ntelligence-Driven Threat Hunting
WatchTower I ntelligence-Driven Threat Hunting
CNIL
Security of Personal Data
Security of Personal Data

More Latest Published Posts

CISA | Cybersecurity and Infrastructure Security Agency
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
McKinsey & Company
Transforming risk efficiency and effectiveness
Transforming risk efficiency and effectiveness
Arnold Antoo
Zero Trust Security Model
Zero Trust Security Model
Richea Perry
Your Cybersecurity Toolkit
Your Cybersecurity Toolkit
IGNITE Technologies
Wireless Penetration Testing
Wireless Penetration Testing
Joas A Santos
Windows API for Red Team #101
Windows API for Red Team #101
Economic Research Working Paper
Artificial Intelligence and Intellectual Property
Artificial Intelligence and Intellectual Property
CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN UN SIEM
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of AI Risk and Impact Assessments
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity planning
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat Huntingand Detection
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES
Project Management Institute
Building Resilience Through Strategic Risk Management
Building Resilience Through Strategic Risk Management
DATA LOSS PREVENTION (DLP)
DATA LOSS PREVENTION (DLP)
AICSSolutions
Cybersecurity Red Team
Cybersecurity Red Team
cisco
Cyber Incident Response
Cyber Incident Response
CSR Cyber Security Council
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
SYBEX
Cybersecurity ESSENTIALS
Cybersecurity ESSENTIALS
Agency for Digital Government
Cyber security in supplier relation ships
Cyber security in supplier relation ships
RINKU
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
CNIL
PRACTICE GUIDE GDPR
PRACTICE GUIDE GDPR