Barracuda email cyberattack may have been used by hackers to spy on US government

Craig Hale

June 16, 2023 at 1:54 PM·2 min read

Cybersecurity firm and Google Cloud subsidiary, Mandiant, has announced suspicions that Chinese-backed spies could have been behind the exploitation of a zero-day vulnerability in the Barracuda Email Security Gateway (ESG).

Researchers have tracked attacks to a China-nexus actor who appears to have been conducting espionage “spanning a multitude of regions and sectors,” including the US government.

The announcement details how the attacker, codenamed UNC4841, sent emails containing malicious files to target organizations that would exploit CVE-2023-2868 in order to gain initial access to vulnerable Barracuda ESG appliances.

Chinese spies could be behind the Barracuda ESG attack

The CVE description details the vulnerability that affected versions 5.1.3.001-9.2.0.006:

“A remote attacker can specifically format [.tar] file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.”

> The best malware removal

> FBI takes down Russian malware network used to attack NATO allies

> Chinese hackers have turned Google's ethical hacking tool into a genuine security threat

According to the security workers, public and private sectors were targeted, with more than half (55%) being in the Americas. The remaining came in almost equal parts from the EMEA and APAC regions, with attacks showing a clear focus “on issues that are high policy priorities for the [People’s Republic of China].”

The BNSF-36456 patch was automatically applied to all appliances, however attacks could have been going on undetected from October 2022 until May 2023 - a period spanning more than seven months.

Mandiant, who was responsible for raising the concern, said in a statement that it “commends Barracuda for their decisive actions, transparency, and information sharing following the exploitation of CVE-2023-2868 by UNC4841.”

Nonetheless, the true identity of UNC4841 remains unconfirmed, with the group still at large and likely operating or developing other attacks and exploiting vulnerabilities elsewhere.

Boost your security with the best endpoint protection software and best firewalls

Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
2d ago
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
1d ago
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
1d ago
Yahoo Sports
NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in
Not everyone was thrilled with their team's draft on Thursday night.
5d ago
Yahoo Sports
The best RBs for 2024 fantasy football according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 season.
11h ago
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
46m ago
Yahoo Sports
Chiefs sign Travis Kelce to new contract that reportedly makes him highest-paid TE in NFL
Travis Kelce has reportedly gotten a raise.
1d ago
Yahoo Life Shopping
Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you
It's inexpensive, but is it effective? Dermatologists' verdict is in — and it's unanimous.
4h ago
Yahoo Sports
The expanded 12-team College Football Playoff is here — and it already has problems
There is cause for excitement around the new playoff format. There's also lots of complaints and criticism to go around.
2d ago
Yahoo Sports
MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league
From the Braves to the Marlins, here's where all 30 teams stand after the season's first month.
6h ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Barracuda email cyberattack may have been used by hackers to spy on US government

Chinese spies could be behind the Barracuda ESG attack

Recommended Stories

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

NFL Draft grades for all 32 teams | Zero Blitz

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

The best RBs for 2024 fantasy football according to our experts

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

Chiefs sign Travis Kelce to new contract that reportedly makes him highest-paid TE in NFL

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

The expanded 12-team College Football Playoff is here — and it already has problems

MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league