Barracuda ESG zero-day exploited

Suspected Chinese state-sponsored cyberespionage operation UNC4841 has launched attacks against Barracuda Email Security Gateway (ESG) appliances affected by a new zero-day flaw, tracked as CVE-2023-7102, to deploy updated SaltWater and SeaSpy malware variants, according to SecurityWeek. Barracuda has urged organizations running vulnerable ESG devices to immediately apply the security patches that were released last week. However, no fixes have been issued to remediate a Spreadsheet::ParseExcel library flaw, tracked as CVE-2023-7101, and Barracuda recommends a prompt review of other remediation measures.

These intrusions come months after Mandiant reported that UNC4841 had exploited another Barracuda ESG zero-day, tracked as CVE-2023-2868, to target organizations with various trojanized Barracuda LUA modules and the SandBar rootkit, in addition to the SaltWater, SeaSpy, and SeaSide backdoors. Organizations in several sectors across 16 countries have been targeted by UNC4841, most of which were in the Americas.
