Email security

Hacked Barracuda ESGs impacted by novel Submarine malware

Barracuda Email Security Gateway (ESG) appliances on U.S. federal networks were compromised with a novel backdoor known as Submarine, also tracked as DepthCharge, the Cybersecurity and Infrastructure Security Agency (CISA) reported, according to BleepingComputer. The attacks, attributed to the suspected China-linked threat group UNC4841, exploited a remote command injection vulnerability in the ESG appliance, tracked as CVE-2023-2868, in May. CISA's report found Submarine resident in the compromised appliances' SQL database, and described the persistent backdoor as comprising several artifacts that together provide root-privilege execution, persistence, command and control, and clean-up capabilities. "In addition to SUBMARINE, CISA obtained associated Multipurpose Internet Mail Extensions (MIME) attachment files from the victim. These files contained the contents of the compromised SQL database, which included sensitive information," added CISA, which also warned that Submarine poses a lateral movement risk. Barracuda has urged organizations running ESG appliances to conduct comprehensive reviews of their environments to confirm that other devices on their networks have not been affected.
