FBI Criticizes Barracuda Over Useless Patches

FBI Warns of Critical Vulnerability in Barracuda Email Security Gateway

The US Federal Bureau of Investigation (FBI) has issued a warning stating that the patches for a critical remote command injection vulnerability in the Barracuda Email Security Gateway (ESG) are “ineffective”. Furthermore, even patched devices are still at risk of real attacks, according to the FBI’s warning [source].

The vulnerability, tracked as CVE-2023-2868, was first exploited by attackers in October 2022. During the attacks, hackers gained remote access to systems by installing previously unknown malicious programs, namely Seaspy, Saltwater, and Seaside, on hacked ESG devices [source].

Although Barracuda released patches on May 20 and blocked access to compromised devices, the company recently warned customers that a complete physical replacement of all vulnerable devices is necessary. The FBI, for its part, has emphasized that the patches released by Barracuda have proven to be ineffective. It is suspected that hackers, believed to be associated with China, are still actively exploiting the vulnerability in patched ESG devices [source].

In light of the situation, the FBI strongly advises immediately isolating and replacing all vulnerable devices. It also recommends scanning networks for any connections to the indicators of compromise listed in its published warning [source].

Barracuda customers who have used privileged Active Directory credentials are urged to revoke those credentials and change the passwords without delay to prevent unauthorized access by hackers to their networks [source].

It is important to note that Barracuda solutions are used by more than 200,000 organizations worldwide, including major companies such as Samsung, Delta Airlines, Mitsubishi, and Kraft Heinz. The active exploitation of CVE-2023-2868 poses a significant threat to the confidentiality of data held by these organizations [source].
