Barracuda has revealed that Chinese language menace actors exploited a brand new zero-day in its Electronic mail Safety Gateway (ESG) home equipment to deploy backdoors on a “restricted quantity” of gadgets.
Tracked as CVE-2023-7102, the difficulty pertains to a case of arbitrary code execution that resides inside a third-party and open-source library Spreadsheet::ParseExcel that is utilized by the Amavis scanner throughout the gateway.
The corporate attributed the exercise to a menace actor tracked by Google-owned Mandiant as UNC4841, which was beforehand linked to the lively exploitation of one other zero-day in Barracuda gadgets (CVE-2023-2868, CVSS rating: 9.8) earlier this 12 months.
Profitable exploitation of the brand new flaw is completed via a specifically crafted Microsoft Excel electronic mail attachment. That is adopted by the deployment of recent variants of recognized implants referred to as SEASPY and SALTWATER which might be geared up to supply persistence and command execution capabilities.
Barracuda stated it launched a safety replace that has been “mechanically utilized” on December 21, 2023, and that no additional buyer motion is required.
It additional identified that it “deployed a patch to remediate compromised ESG home equipment which exhibited indicators of compromise associated to the newly recognized malware variants” a day later. It didn’t disclose the size of the compromise.
That stated, the unique flaw within the Spreadsheet::ParseExcel Perl module (model 0.65) stays unpatched and has been assigned the CVE identifier CVE-2023-7101, necessitating that downstream customers take acceptable remedial motion.
Based on Mandiant, which has been investigating the marketing campaign, a lot of personal and public sector organizations situated in at the very least 16 international locations are estimated to have been impacted since October 2022.
The newest improvement as soon as once more speaks to UNC4841’s adaptability, leveraging new ways and strategies to retain entry to excessive precedence targets as present loopholes get closed.